FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

SpamAssassin -- denial-of-service in tokenize_headers

Affected packages
p5-Mail-SpamAssassin < 2.64


VuXML ID 0d3a5148-f512-11d8-9837-000c41e2cdad
Discovery 2004-08-04
Entry 2004-08-23
Modified 2004-08-28

According to the SpamAssassin 2.64 release announcement:

Security fix prevents a denial of service attack open to certain malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x versions to date.

The issue appears to be triggered by overly long message headers.


Bugtraq ID 10957
CVE Name CVE-2004-0796