bogofilter Base64 Character Set Conversion Denial of Service
bogofilter Base64 Character Set Conversion Denial of Service Vulnerability
Release Date : 2012-12-07
Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch
Software: bogofilter 1.x
A vulnerability has been reported in bogofilter, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the "convert()" function (src/iconvert.c) when converting the character set and can be exploited to cause a heap-based buffer overflow via specially crafted base64 string.
The vulnerability is reported in versions 1.2.2 and prior.
Update to version 1.2.3 (r6973).
Provided and/or discovered by: