FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bogofilter -- heap corruption through excessively long words

Affected packages
0.96.2 <= bogofilter < 0.96.3


VuXML ID b747b2a9-7be0-11da-8ec4-0002b3b60e4c
Discovery 2005-10-23
Entry 2006-01-07

Matthias Andree reports:

Bogofilter's/bogolexer's input handling in version 0.96.2 was not keeping track of its output buffers properly and could overrun a heap buffer if the input contained words whose length exceeded 16,384 bytes, the size of flex's input buffer. A "word" here refers to a contiguous run of input octets that was not '_' and did not match at least one of ispunct(), iscntrl() or isspace().


CVE Name CVE-2005-4592
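
The report's definition of a "word" and the 16,384-byte limit can be turned into an input check; the following is an added example, not code from the advisory or from bogofilter. The names `word_scan`, `scan_update` and `scan_too_long` are hypothetical, and it assumes the "C" locale and that an octet counts as part of a word when it is not '_' and none of ispunct(), iscntrl() or isspace() is true for it.

```c
/* Added example: flag input holding a "word" longer than flex's input buffer. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define FLEX_INPUT_BUF 16384 /* size of flex's input buffer, per the advisory */

typedef struct { size_t run, longest; } word_scan;

/* Assumed reading of the advisory: an octet belongs to a word when it is not
 * '_' and none of ispunct(), iscntrl(), isspace() is true ("C" locale). */
static int is_word_octet(unsigned char c)
{
    return c != '_' && !ispunct(c) && !iscntrl(c) && !isspace(c);
}

/* Feed one chunk; the run counter carries across chunk boundaries, so a
 * word split between two reads is still measured as one word. */
void scan_update(word_scan *s, const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (is_word_octet(buf[i])) {
            if (++s->run > s->longest)
                s->longest = s->run;
        } else {
            s->run = 0;
        }
    }
}

/* Nonzero when some word exceeded 16,384 bytes. */
int scan_too_long(const word_scan *s)
{
    return s->longest > FLEX_INPUT_BUF;
}

/* Filter: read a message on stdin, exit 1 if it should be held back. */
int main(void)
{
    unsigned char chunk[4096];
    word_scan s = {0, 0};
    size_t n;

    while ((n = fread(chunk, 1, sizeof chunk, stdin)) > 0)
        scan_update(&s, chunk, n);
    fprintf(stderr, "longest word: %zu bytes\n", s.longest);
    return scan_too_long(&s);
}
```

Run as a filter in front of an affected version, the exit status tells the caller whether to hold the message; upgrading out of the affected range listed above remains the fix.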