Public Date:
1629521: CVE-2017-15705 spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service
A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing the delivery of email.

Find out more about CVE-2017-15705 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (spamassassin) RHSA-2018:2916 2018-10-11

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 spamassassin Will not fix
Red Hat Enterprise Linux 5 spamassassin Will not fix

External References

Last Modified