spamassassin is vulnerable to denial of service. An attacker is able to crash the application using certain unclosed tags in emails that causes markup to be incorrectly handled and resulting in a scan timeout.
CPE | Name | Operator | Version |
---|---|---|---|
spamassassin:buster | eq | 3.4.2-1+deb10u2 | |
spamassassin:buster | eq | 3.4.2-1+deb10u2 |
www.securityfocus.com/bid/105347
access.redhat.com/errata/RHSA-2018:2916
lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E
lists.debian.org/debian-lts-announce/2018/11/msg00016.html
security-tracker.debian.org/tracker/CVE-2017-15705
security.gentoo.org/glsa/201812-07
usn.ubuntu.com/3811-1/
usn.ubuntu.com/3811-2/