Denial of Service in SpamAssassin by Perl via Excessive Email Recipients
CVE-2005-3351

Currently unrated

Key Information:

Vendor

Apache
Status
Spamassassin
Vendor
CVE Published:
20 November 2005

What is CVE-2005-3351?

An identified flaw in SpamAssassin 3.0.4 enables attackers to circumvent spam detection mechanisms. By sending an email containing a large number of recipients in the 'To' field, it triggers a bus error in the Perl interpreter. This failure may result in a Denial of Service, effectively disrupting the email processing capabilities of the affected system. Users of this version are advised to apply updates or patches to mitigate potential exploitation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/23048
vdb-entryx_refsource_XF
http://secunia.com/advisories/17518/
third-party-advisoryx_refsource_SECUNIA
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570
x_refsource_MISC

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.