Stack-Based Buffer Overflow in Mutt and NeoMutt Email Clients
CVE-2018-14350

9.8CRITICAL

Key Information:

Vendor

Mutt

Status
Mutt
Neomutt
Vendor
CVE Published:
17 July 2018

What is CVE-2018-14350?

A stack-based buffer overflow vulnerability has been identified in Mutt and NeoMutt email clients. This issue arises from the handling of an overly long INTERNALDATE field in the FETCH response, potentially allowing an attacker to execute arbitrary code. Users of Mutt versions prior to 1.10.1 and NeoMutt versions released before July 16, 2018, are advised to update their software promptly to safeguard against this security flaw. Comprehensive patches and updates are available from their respective maintainers.

References

http://www.securityfocus.com/bid/104931
vdb-entryx_refsource_BID
https://usn.ubuntu.com/3719-3/
vendor-advisoryx_refsource_UBUNTU
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.