CVSS2: 5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.214 Low (Percentile: 96.5%)

Apache SpamAssassin Security Team reports:
Apache SpamAssassin 3.0.4 was recently released, and
fixes a denial of service vulnerability in versions 3.0.1, 3.0.2,
and 3.0.3. The vulnerability allows certain misformatted
long message headers to cause spam checking to
take a very long time.
While the exploit has yet to be seen in the wild,
we are concerned that there may be attempts to abuse
the vulnerability in the future. Therefore, we strongly
recommend all users of these versions upgrade to
Apache SpamAssassin 3.0.4 as soon as possible.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | p5-mail-spamassassin | = 3.0.1 | UNKNOWN |
FreeBSD | any | noarch | p5-mail-spamassassin | < 3.0.4 | UNKNOWN |