FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
25ed4ff8-8940-11df-a339-0026189baca3 | bogofilter -- heap underrun on malformed base64 input

Julius Plenz reports:

I found a bug in the base64_decode function which may cause memory corruption when the function is executed on a malformed base64 encoded string.

If a string starting with an equal-sign is passed to the base64_decode function it triggers a memory corruption that in some cases makes bogofilter crash.


Discovery 2010-06-28
Entry 2010-07-06
bogofilter
< 1.2.1_2

bogofilter-sqlite
< 1.2.1_1

bogofilter-tc
< 1.2.1_1

CVE-2010-2494
http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
92140bc9-7bde-11da-8ec4-0002b3b60e4c | bogofilter -- heap corruption through malformed input

Matthias Andree reports:

When using Unicode databases (default in more recent bogofilter installations), upon encountering invalid input sequences, bogofilter or bogolexer could overrun a malloc()'d buffer, corrupting the heap, while converting character sets. Bogofilter would usually be processing untrusted data received from the network at that time.

This problem was aggravated by an unrelated bug that made bogofilter process binary attachments as though they were text, and attempt charset conversion on them. Given the MIME default character set, US-ASCII, all input octets in the range 0x80...0xff were considered invalid input sequences and could trigger the heap corruption.


Discovery 2005-10-22
Entry 2006-01-07
bogofilter
>= 0.93.5, < 0.96.3

CVE-2005-4591
http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01
b747b2a9-7be0-11da-8ec4-0002b3b60e4c | bogofilter -- heap corruption through excessively long words

Matthias Andree reports:

Bogofilter's/bogolexer's input handling in version 0.96.2 was not keeping track of its output buffers properly and could overrun a heap buffer if the input contained words whose length exceeded 16,384 bytes, the size of flex's input buffer. A "word" here refers to a contiguous run of input octets that was not '_' and did not match at least one of ispunct(), iscntrl() or isspace().


Discovery 2005-10-23
Entry 2006-01-07
bogofilter
>= 0.96.2, < 0.96.3

CVE-2005-4592
http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-02
f4428842-a583-4a4c-89b7-297c3459a1c3 | bogofilter -- RFC 2047 decoder denial-of-service vulnerability

The bogofilter team has been provided with a test case of a malformatted (non-conformant) RFC-2047 encoded word that can cause bogofilter versions 0.92.7 and prior to try to write a NUL byte into a memory location that is either one byte past the end of a flex buffer or to a location that is the negative of the encoded word's start of payload data, causing a segmentation fault.


Discovery 2004-10-09
Entry 2004-10-26
Modified 2015-09-28
bogofilter
bogofilter-qdbm
bogofilter-tdb
ru-bogofilter
>= 0.17.4, < 0.92.8

ports/73144
CVE-2004-1007
http://article.gmane.org/gmane.mail.bogofilter.devel/3308
http://article.gmane.org/gmane.mail.bogofilter.devel/3317
http://bugs.debian.org/275373
http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01
f524d8e0-3d83-11e2-807a-080027ef73ec | bogofilter -- heap corruption by invalid base64 input

David Relson reports:

Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz, [FU Berlin, Germany].


Discovery 2012-10-17
Entry 2012-12-03
bogofilter
< 1.2.3

bogofilter-sqlite
< 1.2.3

bogofilter-tc
< 1.2.3

CVE-2012-5468
http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01