Description
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.
References
- Vendor Advisory
- Patch
- Vendor Advisory
- Patch
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:spamassassin:spamassassin:2.40:*:*:*:*:*:*:*
cpe:2.3:a:spamassassin:spamassassin:2.41:*:*:*:*:*:*:*
cpe:2.3:a:spamassassin:spamassassin:2.42:*:*:*:*:*:*:*
cpe:2.3:a:spamassassin:spamassassin:2.43:*:*:*:*:*:*:*
EPSS
Percentile: 93%
0.10935
Medium
7.6 High
CVSS2
Weaknesses
CWE-119
Related vulnerabilities
debian
more than 21 years ago
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...
github
more than 3 years ago
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.