Vulnerability Details : CVE-2010-2494
Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-2494
Probability of exploitation activity in the next 30 days: 10.85%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 %
CVSS scores for CVE-2010-2494
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2010-2494
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2494
- http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903
  [Patch]
- http://marc.info/?l=oss-security&m=127831760712436&w=2
  'Re: [oss-security] Request CVE ID for bogofilter base64 decoder' - MARC
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046558.html
  [SECURITY] Fedora 13 Update: bogofilter-1.2.2-1.fc13
- http://marc.info/?l=oss-security&m=127840569013531&w=2
  '[oss-security] REPOST: CVE request for bogofilter' - MARC [Patch]
- http://www.vupen.com/english/advisories/2010/2233
- http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?revision=6909&pathrev=6909
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00016.html
  [security-announce] openSUSE-SU-2012:1650-1: important: update for bogof
- http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046590.html
  [SECURITY] Fedora 12 Update: bogofilter-1.2.2-1.fc12
- https://bugzilla.redhat.com/show_bug.cgi?id=611551
  611551 – (CVE-2010-2494) CVE-2010-2494 bogofilter: array index underflow/OOB write via invalid input
- http://www.securityfocus.com/bid/41339
  bogofilter Base64 Encoding '=' Character Heap Memory Corruption Vulnerability
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00021.html
  [security-announce] openSUSE-SU-2013:0166-1: important: update for bogof
- http://marc.info/?l=oss-security&m=127844323105405&w=2
  'Re: [oss-security] Request CVE ID for bogofilter base64 decoder' - MARC
- http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
- http://marc.info/?l=oss-security&m=127814747231102&w=2
  '[oss-security] Request CVE ID for bogofilter base64 decoder heap corruption' - MARC
- http://www.ubuntu.com/usn/USN-980-1
  USN-980-1: bogofilter vulnerability | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:014
- http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00015.html
  [security-announce] openSUSE-SU-2012:1648-1: important: update for bogof
Products affected by CVE-2010-2494
- cpe:2.3:a:bogofilter:bogofilter:*:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter:bogofilter:1.0.1:*:*:*:*:*:*:*