CVE-2010-2494
Published: 8 July 2010
Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.
Priority
Status
Package | Release | Status |
---|---|---|
bogofilter Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Released
(1.1.5-2ubuntu5.1)
|
|
jaunty |
Released
(1.1.7-1ubuntu1.1)
|
|
karmic |
Released
(1.2.0-3ubuntu1.1)
|
|
lucid |
Released
(1.2.1-0ubuntu1.1)
|
|
upstream |
Released
(1.2.2)
|
|
Patches: upstream: http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903 upstream: http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6905 |