Vulnerability Details CVE-2005-4591
Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.055
EPSS Ranking 89.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01
- http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
- http://secunia.com/advisories/18352
- http://secunia.com/advisories/18427
- http://secunia.com/advisories/18717
- http://www.securityfocus.com/bid/16171
- http://www.vupen.com/english/advisories/2006/0100
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24118
- https://usn.ubuntu.com/240-1/
- http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01
- http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
- http://secunia.com/advisories/18352
- http://secunia.com/advisories/18427
- http://secunia.com/advisories/18717
- http://www.securityfocus.com/bid/16171
- http://www.vupen.com/english/advisories/2006/0100
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24118
- https://usn.ubuntu.com/240-1/
Products affected by CVE-2005-4591
-
cpe:2.3:o:bogofilter:email_filter:0.93.5
-
cpe:2.3:o:bogofilter:email_filter:0.94.12
-
cpe:2.3:o:bogofilter:email_filter:0.94.14
-
cpe:2.3:o:bogofilter:email_filter:0.95.2
-
cpe:2.3:o:bogofilter:email_filter:0.96.2