Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Bogofilter Project
  • Bogofilter

Configuration 1 [-]

OR cpe:2.3:a:bogofilter_project:bogofilter:*:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:bogofilter_project:bogofilter:1.2.1:*:*:*:*:*:*:*
References
Link Resource
http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01 Patch Vendor Advisory
http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973 Patch
http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975 Exploit
http://secunia.com/advisories/51334 Vendor Advisory
http://secunia.com/advisories/51521 Vendor Advisory
http://www.debian.org/security/2012/dsa-2585
http://www.mandriva.com/security/advisories?name=MDVSA-2013:064
http://www.openwall.com/lists/oss-security/2012/12/03/13
http://www.securityfocus.com/bid/56804
https://bugzilla.redhat.com/show_bug.cgi?id=883358
https://exchange.xforce.ibmcloud.com/vulnerabilities/80524
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2012-12-18T01:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-10-24T00:00:00

Link: CVE-2012-5468

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2012-12-18T01:55:03.303

Modified: 2017-08-29T01:32:41.137

Link: CVE-2012-5468

JSON object: View

cve-icon Redhat Information

No data.

CWE