FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-2494

This CVE name corresponds to:

Entered Topic
2010-07-06 bogofilter -- heap underrun on malformed base64 input

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2010-2494
Phase: Assigned (20100628)

Description

Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.

References

Source Reference
MLIST [oss-security] 20100705 Re: Request CVE ID for bogofilter base64 decoder
MLIST [oss-security] 20100705 Request CVE ID for bogofilter base64 decoder
MLIST [oss-security] 20100706 REPOST: CVE request for bogofilter
MLIST [oss-security] 20100706 Re: Request CVE ID for bogofilter base64 decoder
CONFIRM http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
CONFIRM http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?revision=6909&pathrev=6909
CONFIRM http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=611551
FEDORA FEDORA-2010-13139
FEDORA FEDORA-2010-13154
SUSE SUSE-SR:2010:014
SUSE openSUSE-SU-2013:0166
SUSE openSUSE-SU-2012:1648
SUSE openSUSE-SU-2012:1650
UBUNTU USN-980-1
BID 41339
OSVDB 66002
SECUNIA 40427
SECUNIA 41239
VUPEN ADV-2010-2233