bogofilter -- RFC 2047 decoder denial-of-service vulnerability

Affected packages
0.17.4 <= bogofilter < 0.92.8
0.17.4 <= bogofilter-qdbm < 0.92.8
0.17.4 <= bogofilter-tdb < 0.92.8
0.17.4 <= ru-bogofilter < 0.92.8


VuXML ID f4428842-a583-4a4c-89b7-297c3459a1c3
Discovery 2004-10-09
Entry 2004-10-26
Modified 2015-09-28

The bogofilter team has been provided with a test case of a malformed (non-conformant) RFC 2047 encoded word that can cause bogofilter versions 0.92.7 and prior to try to write a NUL byte either to a memory location one byte past the end of a flex buffer or to a location that is the negative of the encoded word's start of payload data, causing a segmentation fault.


CVE Name CVE-2004-1007
FreeBSD PR ports/73144
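
The failure described above is a terminator write that was not checked against the buffer when the encoded word was non-conformant. As an added illustration (not bogofilter's source or its fix), the C function below decodes one RFC 2047 "Q" encoded word and rejects it unless every delimiter is present and the NUL terminator lands inside the caller's buffer. The names `decode_q_word`, `find` and `hexval` are hypothetical, and only the word's structure is validated, not the charset name or the 75-character length limit.

```c
#include <ctype.h>
#include <string.h>

/* Added example, not bogofilter source: bounds-checked RFC 2047 "Q" decoder. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = toupper(c);
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Index of byte c in s[from..len), or len when it is absent. */
static size_t find(const char *s, size_t len, size_t from, char c)
{
    const char *p = from < len ? memchr(s + from, c, len - from) : NULL;
    return p ? (size_t)(p - s) : len;
}

/* Decode one word "=?charset?Q?payload?=" held in in[0..in_len) into out.
 * Returns the decoded length, or -1 if malformed or out is too small. */
long decode_q_word(const char *in, size_t in_len, char *out, size_t out_cap)
{
    if (in_len < 2 || in[0] != '=' || in[1] != '?') return -1;
    size_t cs_end = find(in, in_len, 2, '?');            /* end of charset */
    if (cs_end == 2 || cs_end + 2 >= in_len) return -1;  /* empty or truncated */
    if (toupper((unsigned char)in[cs_end + 1]) != 'Q' || in[cs_end + 2] != '?')
        return -1;                                       /* only "Q" handled here */
    size_t start = cs_end + 3;                           /* payload start */
    size_t end = find(in, in_len, start, '?');           /* payload end */
    if (end + 2 != in_len || in[end + 1] != '=') return -1; /* no closing "?=" */
    size_t o = 0;
    for (size_t i = start; i < end; i++) {
        int c = (unsigned char)in[i];
        if (c == '_') c = ' ';                           /* '_' encodes a space */
        else if (c == '=') {                             /* =XX hex escape */
            if (end - i < 3) return -1;                  /* escape runs past payload */
            int hi = hexval((unsigned char)in[i + 1]), lo = hexval((unsigned char)in[i + 2]);
            if (hi < 0 || lo < 0) return -1;
            c = hi * 16 + lo; i += 2;
        }
        if (o + 1 >= out_cap) return -1;                 /* keep room for the NUL */
        out[o++] = (char)c;
    }
    if (o >= out_cap) return -1;                         /* covers out_cap == 0 */
    out[o] = '\0';                                       /* always inside out */
    return (long)o;
}
```

Every index is derived from `in_len` and compared as an unsigned offset before use, so a word with a missing delimiter is rejected instead of producing an out-of-range terminator position.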