CVE-2005-2431

Name	CVE-2005-2431
Description	The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb).
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	328224

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
gforge	source	(unstable)	4.5.14-2	unimportant		328224

Notes

Direct flooding is possible as well in most circumstances.
(Upstream fix was in gforge 4.5.0.1.)