13 matches found
CVE-2016-1238
CVE-2016-1238 affects SpamAssassin (Debian advisory DLA-1578-1). The issue arises when Perl programs do not properly remove trailing periods from the includes directory array, which can allow a local attacker to load a Trojan horse module from the current working directory and gain privileges. De...
CVE-2019-12420
In Apache SpamAssassin, versions prior to 3.4.3 are affected by CVE-2019-12420: a specially crafted message can cause excessive resource consumption, resulting in a denial of service. The recommended remediation is to upgrade to SpamAssassin 3.4.3 as soon as possible. Some advisories also note th...
CVE-2018-11805
In Apache SpamAssassin, multiple CVEs (notably CVE-2018-11805 and CVE-2020-1930) describe a command-execution flaw in which crafted configuration files (.cf) can run system commands with the same privileges as the spamd process. The root cause is untrusted or crafted rule/config files enabling local ...
CVE-2020-1946
CVE-2020-1946 affects Apache SpamAssassin prior to 3.4.5. Malicious rule configuration files (.cf) can be crafted to execute system commands without output or errors, enabling command execution in multiple scenarios. Root cause: untrusted .cf content can trigger privileged actions. Impact: potent...
CVE-2020-1930
In CVE-2020-1930, Apache SpamAssassin contains a command-injection vulnerability in the .cf parsing path. Crafted configuration files can cause system commands to execute with the same privileges as the spamd process, potentially elevating access. The issue affects SpamAssassin before the patched...
CVE-2020-1931
Apache SpamAssassin prior to 3.4.3 contains a command-injection vulnerability where specially crafted configuration files (.cf) can cause execution of system commands. The issue is explicitly tied to CVE-2020-1931 and is part of a family of remote-impact flaws affecting the SpamAssassin workflow,...
CVE-2018-11780
Apache SpamAssassin is affected by CVE-2018-11780 due to a potential Remote Code Execution in the PDFInfo plugin prior to version 3.4.2. Connected sources confirm SpamAssassin and PDFInfo as the vulnerable components, with upstream/vendors recommending upgrading to 3.4.2 or newer to mitigate. The...
CVE-2017-15705
The CVE-2017-15705 entry concerns Apache SpamAssassin before 3.4.2, where crafted emails with unclosed HTML tags can trigger scan timeouts and Denial of Service. The root cause is tied to HTML::Parser usage in SpamAssassin: begin/end tag events are followed by an immediate close, causing the miss...
CVE-2018-11781
CVE-2018-11781 is an Apache SpamAssassin vulnerability describing a local user code injection in the meta rule syntax. Affected software is SpamAssassin 3.4.2 (upstream) with fixes implemented to address the issue. Deb/kern sources indicate this is a local-execution flaw rather than remote, tied ...
CVE-2006-2447
CVE-2006-2447 affects SpamAssassin spamd prior to 3.1.3 when run with vpopmail (--vpopmail) and paranoid (--paranoid) options. A crafted message sent to the spamd daemon can cause remote execution of arbitrary commands in the spamd process’ user context. Public references describe multiple adviso...
CVE-2005-1266
CVE-2005-1266 affects Apache SpamAssassin 3.0.1–3.0.3, where a remote attacker can trigger a denial of service by sending a message with a long Content-Type header and no boundaries, causing CPU consumption. The issue is documented across multiple advisories and vendors, with Debian, Red Hat, CentO...
CVE-2007-0451
CVE-2007-0451 affects SpamAssassin prior to 3.1.8. The issue arises when processing HTML email containing long URIs, which can trigger excessive memory usage and cause denial of service. Public advisories from Red Hat (RHSA-2007:0074) and Oracle Linux (ELSA-2007-0074) confirm the fix to version 3...
CVE-2005-3351
CVE-2005-3351 affects SpamAssassin 3.0.4, where an e-mail with an extremely large number of recipients causes a bus error in Perl, bypassing spam detection and potentially impacting mail processing. Public advisories (RH/CentOS/SUSE) describe a denial-of-service risk and direct upgrade to SpamAss...