CVE-2005-3573

Description

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).

How to fix CVE-2005-3573

To remediate CVE-2005-3573, upgrade the affected package to a fixed version below.

• Debian/mailman—upgrade to 2.1.5-10 or later
• Debian/mailman—upgrade to 2.1.5-8sarge1 or later

Is CVE-2005-3573 being exploited?

Moderate — EPSS is 5.7%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 2.1.5-10
• from 0, < 2.1.5-8sarge1

References (23)

• ADVISORYpatches.sgi.com/support/free/security/advisories/20060401-01-U
• ADVISORYsecunia.com/advisories/17511
• ADVISORYsecunia.com/advisories/17874
• ADVISORYsecunia.com/advisories/18456
• ADVISORYsecunia.com/advisories/18503