The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Email_filter | Bogofilter | 0.9.0.3 (including) | 0.9.0.3 (including) |
Email_filter | Bogofilter | 0.9.0.4 (including) | 0.9.0.4 (including) |
Email_filter | Bogofilter | 0.9.0.5 (including) | 0.9.0.5 (including) |
Email_filter | Bogofilter | 0.92 (including) | 0.92 (including) |
Email_filter | Bogofilter | 0.92.4 (including) | 0.92.4 (including) |
Email_filter | Bogofilter | 0.92.6 (including) | 0.92.6 (including) |
Email_filter | Bogofilter | 0.92.7 (including) | 0.92.7 (including) |
Ubuntu_linux | Ubuntu | 4.1 (including) | 4.1 (including) |
Bogofilter | Ubuntu | dapper | * |
Bogofilter | Ubuntu | devel | * |
Bogofilter | Ubuntu | edgy | * |
Bogofilter | Ubuntu | feisty | * |