CVE-2003-1557
SpamAssassin 2.40-2.43 - Remote Code Execution via BSMTP Mode Header Parsing
Title source: llmDescription
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_gentoo
http://www.securityfocus.com/archive/1/309912/30/26090/threaded
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6679
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11154
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104342896818777&w=2
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/310212/30/26030/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/7983
Scores
EPSS
0.0456
EPSS Percentile
90.5%
Details
CWE
CWE-119
Status
published
Products (4)
spamassassin/spamassassin
2.40
spamassassin/spamassassin
2.41
spamassassin/spamassassin
2.42
spamassassin/spamassassin
2.43
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026