CVE-2010-2494
EPSS 4.6%
Description
Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.
How to fix CVE-2010-2494
To remediate CVE-2010-2494, upgrade the affected package to a fixed version below.
- Debian/bogofilter—upgrade to 1.2.1-3 or later
Is CVE-2010-2494 being exploited?
Low — EPSS is 4.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.2.1-3