GoogleOSV:USN-4899-1

HistoryApr 01, 2021 - 12:00 p.m.

spamassassin vulnerability

2021-04-0112:00:50

Google

osv.dev

9.6 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.6%

JSON

Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF
files. If a user or automated system were tricked into using a specially-
crafted CF file, a remote attacker could possibly run arbitrary code.

References

ubuntu.com/security/CVE-2020-1946

ubuntu.com/security/notices/USN-4899-1

nessus

Debian DLA-2615-1 : spamassassin security update

2021-04-02 00:00:00

FreeBSD : spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands (ec04f3d0-8cd9-11eb-bb9f-206a8a720317)

2021-03-26 00:00:00

Oracle Linux 8 : spamassassin (ELSA-2021-4315)

2021-11-17 00:00:00

fedora

[SECURITY] Fedora 33 Update: spamassassin-3.4.5-1.fc33

2021-04-04 01:08:25

[SECURITY] Fedora 34 Update: spamassassin-3.4.5-1.fc34

2021-03-31 00:18:05

[SECURITY] Fedora 32 Update: spamassassin-3.4.5-1.fc32

2021-04-04 00:48:10

openvas

Fedora: Security Advisory for spamassassin (FEDORA-2021-5a4377797c)

2021-04-04 00:00:00

Fedora: Security Advisory for spamassassin (FEDORA-2021-bf06dcffa8)

2021-03-31 00:00:00

Debian: Security Advisory (DSA-4879-1)

2021-03-29 00:00:00

osv

Moderate: spamassassin security update

2021-11-09 08:58:53

spamassassin - security update

2021-03-27 00:00:00

spamassassin vulnerability

2021-04-12 12:21:53

ubuntu

SpamAssassin vulnerability

2021-04-01 00:00:00

SpamAssassin vulnerability

2021-04-12 00:00:00

ubuntucve

CVE-2020-1946

2020-12-31 00:00:00

redhat

(RHSA-2021:4315) Moderate: spamassassin security update

2021-11-09 08:58:53

gentoo

SpamAssassin: Arbitrary command execution

2021-05-26 00:00:00

cve

CVE-2020-1946

2021-03-25 10:15:11

freebsd

spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands

2021-03-24 00:00:00

mageia

Updated spamassassin packages fix security vulnerability

2021-04-12 22:59:59

alpinelinux

CVE-2020-1946

2021-03-25 10:15:11

debian

[SECURITY] [DSA 4879-1] spamassassin security update

2021-03-27 17:18:19

[SECURITY] [DLA 2615-1] spamassassin security update

2021-04-01 21:28:48

[SECURITY] [DSA 4879-1] spamassassin security update

2021-03-27 17:18:19

redos

ROS-2-918

2021-09-08 00:00:00

ROS-2-554

2021-09-08 00:00:00

ROS-2-673

2021-09-08 00:00:00

nvd

CVE-2020-1946

2021-03-25 10:15:11

prion

Design/Logic Flaw

2021-03-25 10:15:00

cvelist

CVE-2020-1946 Apache SpamAssassin has an OS Command Injection vulnerability

2021-03-25 09:20:11

altlinux

Security fix for the ALT Linux 9 package spamassassin version 3.4.5-alt1

2021-03-29 00:00:00

veracode

Command Injection

2021-03-28 05:51:06

almalinux

Moderate: spamassassin security update

2021-11-09 08:58:53

debiancve

CVE-2020-1946

2021-03-25 10:15:11

amazon

Medium: spamassassin

2021-05-20 16:55:00

rocky

spamassassin security update

2021-11-09 08:58:53

redhatcve

CVE-2020-1946

2021-03-25 17:52:55

oraclelinux

spamassassin security update

2021-11-16 00:00:00

suse

Security update for spamassassin (important)

2021-04-14 00:00:00

rosalinux

Advisory ROSA-SA-2021-1973

2021-07-02 18:08:24

spamassassin vulnerability

References

Related