A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing the delivery of email.
Apache SpamAssassin before version 3.4.2 is vulnerable to a denial of service in the handling of crafted email. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts.
Created spamassassin tracking bugs for this issue:
Affects: fedora-all [bug 1629522]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:2916 https://access.redhat.com/errata/RHSA-2018:2916