CVE-2003-1557

Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1557
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
spamassassin / spamassassin	2.40	2.40.x
spamassassin / spamassassin	2.42	2.42.x
spamassassin / spamassassin	2.41	2.41.x
spamassassin / spamassassin	2.43	2.43.x

http://marc.info/?l=bugtraq&m=104342896818777&w=2
http://secunia.com/advisories/7983
http://www.securityfocus.com/archive/1/309912/30/26090/threaded
http://www.securityfocus.com/archive/1/310212/30/26030/threaded
http://www.securityfocus.com/bid/6679
https://exchange.xforce.ibmcloud.com/vulnerabilities/11154

Vulnerability Database

289,871

CVE-2003-1557