MidnightBSD

Advisories for bogofilter

CVE-2002-2267 HIGH

bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitrary files via a symlink attack on the bogopass temporary file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
bogofilter bogopass_email_filter 0.9.0.4

CVE-2004-1007 MEDIUM

The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
bogofilter email_filter 0.9.0.4
bogofilter email_filter 0.92.7
bogofilter email_filter 0.9.0.5
bogofilter email_filter 0.92.4
bogofilter email_filter 0.92.6
ubuntu ubuntu_linux 4.1
bogofilter email_filter 0.92
bogofilter email_filter 0.9.0.3

CVE-2005-4591 HIGH

Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
bogofilter email_filter 0.96.2
bogofilter email_filter 0.93.5
bogofilter email_filter 0.95.2
bogofilter email_filter 0.94.12
bogofilter email_filter 0.94.14

CVE-2005-4592 HIGH

Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input buffer used by flex.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
bogofilter email_filter 0.96.2
bogofilter email_filter 0.93.5
bogofilter email_filter 0.95.2
bogofilter email_filter 0.94.12
bogofilter email_filter 0.94.14

CVE-2010-2494 MEDIUM

Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
bogofilter bogofilter 1.1.3
bogofilter bogofilter 1.0.0
bogofilter bogofilter 1.1.4
bogofilter bogofilter 1.0.2
bogofilter bogofilter *
bogofilter bogofilter 1.1.6
bogofilter bogofilter 1.0.3
bogofilter bogofilter 1.2.0
bogofilter bogofilter 1.0.1
bogofilter bogofilter 1.1.1
bogofilter bogofilter 1.1.5
bogofilter bogofilter 1.1.2
bogofilter bogofilter 1.1.0
bogofilter bogofilter 1.1.7