CVE-2010-2494

Publication date 8 July 2010

Last updated 24 July 2024

Ubuntu priority

Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
bogofilter	10.04 LTS lucid	Fixed 1.2.1-0ubuntu1.1
	9.10 karmic	Fixed 1.2.0-3ubuntu1.1
	9.04 jaunty	Fixed 1.1.7-1ubuntu1.1
	8.04 LTS hardy	Fixed 1.1.5-2ubuntu5.1
	6.06 LTS dapper	Ignored

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
bogofilter	Upstream: http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903 Upstream: http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6905

References

Related Ubuntu Security Notices (USN)

USN-980-1
bogofilter vulnerability
31 August 2010

CVE-2010-2494

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references