>> Bogofilter Unicode Database and Bogolexer Denial of Service Issues
Title : Bogofilter Unicode Database and Bogolexer Denial of Service Issues VUPEN ID : VUPEN/ADV-2006-0100 CVE ID : CVE-2005-4591 - CVE-2005-4592
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-01-09
Technical Description
Two vulnerabilities were identified in Bogofilter, which could be exploited by attackers to cause a denial of service.
The first issue is due to a heap overflow error in bogofilter and bogolexer (if used with an unicode database) when converting character sets, which could be exploited by attackers to crash a vulnerable server by sending an email containing a specially crafted binary attachment.
The second flaw is due to a heap overflow error in bogofilter and bogolexer when processing inputs containing overly long words (more than 16,384 bytes), which could be exploited to cause a denial of service.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
