Aggregates CVE and security vulnerability intelligence across all spamassassin-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk denial of service and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2007-2873 | SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd. | [email protected] | 1.9 | 0.07% | 2007-06-11 | 2026-04-23 |
| CVE-2004-0796 | SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages. | [email protected] | 5.0 | 1.34% | 2004-10-20 | 2026-04-16 |
| CVE-2003-1557 | Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters. | [email protected] | 7.6 | 10.94% | 2003-12-31 | 2026-04-16 |