Fluid Attacks Database

Description

Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	bogofilter	>=0 <1.2.1-3	1.2.1-3
debian 12	bogofilter	>=0 <1.2.1-3	1.2.1-3
debian 13	bogofilter	>=0 <1.2.1-3	1.2.1-3
debian 14	bogofilter	>=0 <1.2.1-3	1.2.1-3

Aliases

1. CVE-2010-24942. NVD-2010-24943. OSV-DEBIAN-2010-24944. OSV-2010-24945. SECURITY-TRACKER-CVE-2010-2494

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.