A flaw was found in bogofilter's/bogolexer's base64 decoder where it could overwrite memory before its heap buffer if the base64 input started with an equals sign, such as through misdeclaration of quoted-printable as base64. This would cause bogofilter/bogolexer to corrupt their heap and crash upon receiving such an email message.

Something is wrong with the bogofilter home page: the original referenced advisory [1] is currently unavailable; however, a copy in svn [2] is. This will also be corrected in upstream version 1.2.2; a patch [3] is available. Please note that upstream version 1.2.2 is not yet available.

References:
[1] http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
[2] http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?view=markup&pathrev=6909
[3] http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903

This affects bogofilter as shipped in Fedora 12 and 13, as well as EPEL5.
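The failure mode described above, as an added example that is not bogofilter's code and makes no claim about how its decoder is written: a base64 decoder that accepts '=' only as the third or fourth symbol of the final quad, so input beginning with '=' (for example quoted-printable mislabelled as base64) is rejected before any byte is written, rather than being allowed to move the output position before the heap buffer. The names b64_value, b64_decode and b64_check are this example's own.

```c
#include <string.h>
/* Value of a base64 alphabet character, or -1 if it is not in the alphabet. */
static int b64_value(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}
/* Decode base64 text into out (capacity outcap); returns the decoded length or
 * -1 on malformed input. '=' is accepted only as the 3rd/4th symbol of the final
 * quad, so text beginning with '=' is rejected before anything is written. */
long b64_decode(const char *in, size_t inlen, unsigned char *out, size_t outcap)
{
    unsigned long acc = 0;   /* 6-bit groups of the current quad */
    int n = 0;               /* data symbols seen in the current quad, 0..3 */
    size_t outlen = 0, pads = 0, i;
    for (i = 0; i < inlen; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '\r' || c == '\n' || c == ' ' || c == '\t') continue; /* folding */
        if (c == '=') break;              /* padding: validated below */
        int v = b64_value(c);
        if (v < 0) return -1;             /* not base64 at all */
        acc = (acc << 6) | (unsigned long)v;
        if (++n == 4) {
            if (outlen + 3 > outcap) return -1;
            out[outlen++] = (unsigned char)(acc >> 16);
            out[outlen++] = (unsigned char)(acc >> 8);
            out[outlen++] = (unsigned char)acc;
            acc = 0; n = 0;
        }
    }
    for (; i < inlen; i++)                /* only '=' and line breaks may follow */
        if (in[i] == '=') pads++;
        else if (in[i] != '\r' && in[i] != '\n') return -1;
    /* the final quad needs >= 2 data symbols and, if padded, exactly 4 in total */
    if (pads ? (n < 2 || n + pads != 4) : n == 1) return -1;
    if (n && outlen + (size_t)(n - 1) > outcap) return -1; /* n symbols -> n-1 bytes */
    if (n >= 2) out[outlen++] = (unsigned char)(acc >> (6 * n - 8));
    if (n == 3) out[outlen++] = (unsigned char)(acc >> 2);
    return (long)outlen;
}
/* Test hook: decoded length if in decodes to expect, -1 if rejected, -2 on mismatch. */
long b64_check(const char *in, const char *expect)
{
    unsigned char buf[64];
    long n = b64_decode(in, strlen(in), buf, sizeof buf);
    return n < 0 ? -1 : ((size_t)n == strlen(expect) && memcmp(buf, expect, (size_t)n) == 0) ? n : -2;
}
```

Unpadded trailing quads are tolerated, as many mail decoders do, but a quad with fewer than two data symbols is always rejected.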
Created bogofilter tracking bugs for this issue.
Affects: fedora-all [bug 611552]
This has been given the name CVE-2010-2494.
bogofilter 1.2.2 is in all current versions of Fedora.