Directory Traversal Vulnerability in Mutt and NeoMutt
CVE-2018-14362

9.8CRITICAL

Key Information:

Vendor

Mutt

Status
Mutt
Neomutt
Vendor
CVE Published:
17 July 2018

What is CVE-2018-14362?

An issue was identified in Mutt before version 1.10.1 and NeoMutt prior to July 16, 2018, where the pop.c file fails to properly validate characters in message-cache pathnames. This oversight permits directory traversal attacks, potentially allowing an attacker to manipulate or access restricted system files by using certain characters like '/'. Users of these email clients should update to the latest versions to mitigate this vulnerability.

References

https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47...
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:2526
vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3719-3/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.