CVE-2010-2494

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.

Múltiples desbordamientos inferiores de búfer en el decodificador base64 en base64.c en (1) bogofilter y (2) bogolexer en bogofilter anterior a v1.2.2 permite a atacantes remotos provocar una denegación de servicio (corrupción en la pila de memoria y cuelgue de la aplicación) a través de un mensaje de correo electrónico con datos en base64 no válidos que comienza con un carácter = (igual).

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-06-28 CVE Reserved
2010-07-08 CVE Published
2023-03-07 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (20)

URL	Tag	Source
http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01	X_refsource_confirm
http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?revision=6909&pathrev=6909	X_refsource_confirm
http://marc.info/?l=oss-security&m=127814747231102&w=2	Mailing List
http://marc.info/?l=oss-security&m=127831760712436&w=2	Mailing List
http://marc.info/?l=oss-security&m=127844323105405&w=2	Mailing List
http://secunia.com/advisories/41239	Third Party Advisory
http://www.osvdb.org/66002	Vdb Entry
http://www.securityfocus.com/bid/41339	Vdb Entry
http://www.vupen.com/english/advisories/2010/2233	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=611551	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903	2013-02-14
http://marc.info/?l=oss-security&m=127840569013531&w=2	2013-02-14

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046558.html	2013-02-14
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046590.html	2013-02-14
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html	2013-02-14
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00015.html	2013-02-14
http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00016.html	2013-02-14
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00021.html	2013-02-14
http://secunia.com/advisories/40427	2013-02-14
http://www.ubuntu.com/usn/USN-980-1	2013-02-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				<= 1.2.1 Search vendor "Bogofilter" for product "Bogofilter" and version " <= 1.2.1"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.0.0 Search vendor "Bogofilter" for product "Bogofilter" and version "1.0.0"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.0.1 Search vendor "Bogofilter" for product "Bogofilter" and version "1.0.1"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.0.2 Search vendor "Bogofilter" for product "Bogofilter" and version "1.0.2"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.0.3 Search vendor "Bogofilter" for product "Bogofilter" and version "1.0.3"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.1.0 Search vendor "Bogofilter" for product "Bogofilter" and version "1.1.0"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.1.1 Search vendor "Bogofilter" for product "Bogofilter" and version "1.1.1"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.1.2 Search vendor "Bogofilter" for product "Bogofilter" and version "1.1.2"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.1.3 Search vendor "Bogofilter" for product "Bogofilter" and version "1.1.3"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.1.4 Search vendor "Bogofilter" for product "Bogofilter" and version "1.1.4"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.1.5 Search vendor "Bogofilter" for product "Bogofilter" and version "1.1.5"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.1.6 Search vendor "Bogofilter" for product "Bogofilter" and version "1.1.6"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.1.7 Search vendor "Bogofilter" for product "Bogofilter" and version "1.1.7"		-		Affected
Bogofilter Search vendor "Bogofilter"		Bogofilter Search vendor "Bogofilter" for product "Bogofilter"				1.2.0 Search vendor "Bogofilter" for product "Bogofilter" and version "1.2.0"		-		Affected