bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitrary files via a symlink attack on the bogopass temporary file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bogofilter | bogopass_email_filter | 0.9.0.4 |

The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bogofilter | email_filter | 0.9.0.4 |
| bogofilter | email_filter | 0.92.7 |
| bogofilter | email_filter | 0.9.0.5 |
| bogofilter | email_filter | 0.92.4 |
| bogofilter | email_filter | 0.92.6 |
| ubuntu | ubuntu_linux | 4.1 |
| bogofilter | email_filter | 0.92 |
| bogofilter | email_filter | 0.9.0.3 |

Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bogofilter | email_filter | 0.96.2 |
| bogofilter | email_filter | 0.93.5 |
| bogofilter | email_filter | 0.95.2 |
| bogofilter | email_filter | 0.94.12 |
| bogofilter | email_filter | 0.94.14 |

Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input buffer used by flex.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bogofilter | email_filter | 0.96.2 |
| bogofilter | email_filter | 0.93.5 |
| bogofilter | email_filter | 0.95.2 |
| bogofilter | email_filter | 0.94.12 |
| bogofilter | email_filter | 0.94.14 |

Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bogofilter | bogofilter | 1.1.3 |
| bogofilter | bogofilter | 1.0.0 |
| bogofilter | bogofilter | 1.1.4 |
| bogofilter | bogofilter | 1.0.2 |
| bogofilter | bogofilter | * |
| bogofilter | bogofilter | 1.1.6 |
| bogofilter | bogofilter | 1.0.3 |
| bogofilter | bogofilter | 1.2.0 |
| bogofilter | bogofilter | 1.0.1 |
| bogofilter | bogofilter | 1.1.1 |
| bogofilter | bogofilter | 1.1.5 |
| bogofilter | bogofilter | 1.1.2 |
| bogofilter | bogofilter | 1.1.0 |
| bogofilter | bogofilter | 1.1.7 |