FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

SpamAssassin -- denial-of-service in tokenize_headers

Affected packages
p5-Mail-SpamAssassin < 2.64

Details

VuXML ID 0d3a5148-f512-11d8-9837-000c41e2cdad
Discovery 2004-08-04
Entry 2004-08-23
Modified 2004-08-28

According to the SpamAssassin 2.64 release announcement:

Security fix prevents a denial of service attack open to certain malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x versions to date.

[source]

The issue appears to be triggered by overly long message headers.

References

Bugtraq ID 10957
CVE Name CVE-2004-0796
Message http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767
URL http://search.cpan.org/src/JMASON/Mail-SpamAssassin-2.64/Changes

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.