Bogofilter: Security Vulnerabilities
Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.
CVSS Score
5.0
EPSS Score
0.046
Published
2010-07-08
Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets.
CVSS Score
7.5
EPSS Score
0.055
Published
2005-12-31
Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input buffer used by flex.
CVSS Score
7.5
EPSS Score
0.043
Published
2005-12-31
The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.
CVSS Score
5.0
EPSS Score
0.007
Published
2005-03-01
bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitrary files via a symlink attack on the bogopass temporary file.
CVSS Score
7.2
EPSS Score
0.001
Published
2002-12-31