Stack-based Buffer Overflow in Mutt and NeoMutt Mail Clients
CVE-2018-14352

9.8 CRITICAL

Key Information:

Vendor: Mutt
CVE Published: 17 July 2018

What is CVE-2018-14352?

A vulnerability was identified in Mutt versions prior to 1.10.1 and NeoMutt versions before July 16, 2018, specifically within the imap_quote_string function located in imap/util.c. This issue arises from the function failing to allocate sufficient space for quote characters, resulting in a stack-based buffer overflow. Exploitation of this vulnerability could lead to unexpected behaviors, including potential execution of arbitrary code, thereby posing risks to the security and integrity of email communications.
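
A bounds-safe form of the kind of quoting routine described above, as an added example and not Mutt's or NeoMutt's code: the name `quote_imap_string`, its return value and the truncate-on-overflow behaviour are assumptions. It reserves room for both quote characters and the terminating NUL before copying, and checks that each two-byte escape fits before writing it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not the project's function): writes src to dest as an
 * IMAP quoted string ("..." with \" and \\ escaped) and never writes more
 * than dlen bytes, terminating NUL included. Returns the number of source
 * bytes consumed so the caller can detect truncation. */
size_t quote_imap_string(char *dest, size_t dlen, const char *src)
{
    const char *s = src;
    char *pt = dest;

    /* The buffer must hold at least both quote characters and the NUL.
     * Checking before subtracting also keeps the size_t from wrapping. */
    if (dlen < 3) {
        if (dlen > 0)
            *dest = '\0';
        return 0;
    }
    dlen -= 3;              /* reserve: opening quote, closing quote, NUL */

    *pt++ = '"';
    for (; *s != '\0'; s++) {
        if (*s == '"' || *s == '\\') {
            if (dlen < 2)   /* an escaped character needs two bytes */
                break;
            *pt++ = '\\';
            *pt++ = *s;
            dlen -= 2;
        } else {
            if (dlen < 1)
                break;
            *pt++ = *s;
            dlen--;
        }
    }
    *pt++ = '"';
    *pt = '\0';
    return (size_t)(s - src);
}

int main(void)
{
    char buf[8];  /* constructed sample: deliberately too small for the input */
    size_t used = quote_imap_string(buf, sizeof buf, "a\"b\\cdefgh");
    printf("%s (consumed %zu source bytes)\n", buf, used);
    return 0;
}
```

A caller should compare the return value with `strlen(src)` and treat a shorter count as truncation rather than sending the shortened string.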

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
