FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bogofilter -- heap underrun on malformed base64 input

Affected packages
bogofilter < 1.2.1_2
bogofilter-sqlite < 1.2.1_1
bogofilter-tc < 1.2.1_1

Details

VuXML ID 25ed4ff8-8940-11df-a339-0026189baca3
Discovery 2010-06-28
Entry 2010-07-06

Julius Plenz reports:

I found a bug in the base64_decode function which may cause memory corruption when the function is executed on a malformed base64 encoded string.

If a string starting with an equal-sign is passed to the base64_decode function it triggers a memory corruption that in some cases makes bogofilter crash.

References

CVE Name CVE-2010-2494
URL http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01