CVE-2012-5468
https://notcve.org/view.php?id=CVE-2012-5468
Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters. Desbordamiento de búfer en memoria dinámica en iconvert.c en el componente bogolexer en Bogofilter anteriores a v1.2.3 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un correo electrónico que contiene una cadena base64 que se decodifica a caracteres multibyte incompletos. • http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01 http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973 http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975 http://secunia.com/advisories/51334 http://secunia.com/advisories/51521 http://www.debian.org/security/2012/dsa-2585 http://www.mandriva.com/security/advisories?name=MDVSA-2013:064 http://www.openwall.com/lists/oss-security/2012/12/03/13 http://www.securityfocus.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2494
https://notcve.org/view.php?id=CVE-2010-2494
Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character. Múltiples desbordamientos inferiores de búfer en el decodificador base64 en base64.c en (1) bogofilter y (2) bogolexer en bogofilter anterior a v1.2.2 permite a atacantes remotos provocar una denegación de servicio (corrupción en la pila de memoria y cuelgue de la aplicación) a través de un mensaje de correo electrónico con datos en base64 no válidos que comienza con un carácter = (igual). • http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01 http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?revision=6909&pathrev=6909 http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046558.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046590.html http://lists.opensuse.org/opensuse-security-announce/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •