Denial of Service in SpamAssassin by Perl via Excessive Email Recipients
CVE-2005-3351

Currently unrated

Key Information:

Vendor: Apache
Status: Spamassassin
Vendor: CVE Published:; 20 November 2005

Summary

An identified flaw in SpamAssassin 3.0.4 enables attackers to circumvent spam detection mechanisms. By sending an email containing a large number of recipients in the 'To' field, it triggers a bus error in the Perl interpreter. This failure may result in a Denial of Service, effectively disrupting the email processing capabilities of the affected system. Users of this version are advised to apply updates or patches to mitigate potential exploitation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/23048

vdb-entryx_refsource_XF

http://secunia.com/advisories/17518/

third-party-advisoryx_refsource_SECUNIA

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570

x_refsource_MISC

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 20, 2005
Vulnerability Reserved
Oct 27, 2005