Integer Underflow Issue in Mutt and NeoMutt Email Clients
CVE-2018-14353

9.8CRITICAL

Key Information:

Vendor

Mutt

Status
Mutt
Neomutt
Vendor
CVE Published:
17 July 2018

What is CVE-2018-14353?

Mutt and NeoMutt are susceptible to an integer underflow issue, specifically in the imap_quote_string function found in imap/util.c. This technical flaw could create vulnerabilities in how email data is processed, potentially enabling attackers to exploit it to execute unauthorized commands or manipulate data within the email client. Users of affected versions are highly encouraged to update to the latest patches to mitigate security risks.

References

https://usn.ubuntu.com/3719-3/
vendor-advisoryx_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4277
vendor-advisoryx_refsource_DEBIAN
https://gitlab.com/muttmua/mutt/commit/e0131852c605910793...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.