5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.214 Low
EPSS
Percentile
96.5%
SpamAssassin is an extensible email filter which is used to identify junk email. Vipul’s Razor is a client for a distributed, collaborative spam detection and filtering network.
SpamAssassin and Vipul’s Razor contain a Denial of Service vulnerability when handling special misformatted long message headers.
By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin/Vipul’s Razor server.
There is no known workaround at this time.
All SpamAssassin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.0.4"
All Vipul’s Razor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/razor-2.74"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | mail-filter/spamassassin | < 3.0.4 | UNKNOWN |
Gentoo | any | all | mail-filter/razor | < 2.74 | UNKNOWN |