Vulnerability Details: CVE-2012-5468
Potential exploit
Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2012-5468
- cpe:2.3:a:bogofilter_project:bogofilter:*:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:bogofilter_project:bogofilter:1.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5468
- 7.90%: probability of exploitation activity in the next 30 days
- ~94%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5468
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2012-5468
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5468
- https://bugzilla.redhat.com/show_bug.cgi?id=883358
  883358 – (CVE-2012-5468) CVE-2012-5468 bogofilter: Heap-based buffer overflow by decoding invalid base64 code (that decodes to incomplete multibyte characters)
- http://www.openwall.com/lists/oss-security/2012/12/03/13
  oss-security - CVE-2012-5468: bogofilter-SA-2012-01
- http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973
  404 Not Found [Patch]
- http://www.debian.org/security/2012/dsa-2585
  Debian -- Security Information -- DSA-2585-1 bogofilter
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:064
  mandriva.com
- http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01
  Encountered a 404 error [Patch; Vendor Advisory]
- http://www.securityfocus.com/bid/56804
  bogofilter CVE-2012-5468 Heap Memory Corruption Vulnerability
- http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975
  404 Not Found [Exploit]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80524
  Bogolexer component for Bogofilter base64 denial of service CVE-2012-5468 Vulnerability Report