CVE-2012-5468

Public Exploit

Description

Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters.

References

Link	Tags
http://www.mandriva.com/security/advisories?name=MDVSA-2013:064	vendor advisory
http://www.openwall.com/lists/oss-security/2012/12/03/13	mailing list
http://secunia.com/advisories/51521	third party advisory vendor advisory
http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01	patch vendor advisory
http://www.securityfocus.com/bid/56804	vdb entry
http://www.debian.org/security/2012/dsa-2585	vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=883358
http://secunia.com/advisories/51334	third party advisory vendor advisory
http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973	patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/80524	vdb entry
http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975	exploit

Frequently Asked Questions

What is the severity of CVE-2012-5468?: CVE-2012-5468 has been scored as a high severity vulnerability.
How to fix CVE-2012-5468?: To fix CVE-2012-5468, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2012-5468 being actively exploited in the wild?: It is possible that CVE-2012-5468 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~6% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions