CVE-2018-14349

Published: Jul 17, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.

Affected (5)

Products: Debian: Debian Linux · Mutt: Mutt · Neomutt: Neomutt · +1 more

Show all products

Debian: Debian Linux · Mutt: Mutt · Neomutt: Neomutt · Canonical: Ubuntu Linux

1 product

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Mutt Mutt	Before 1.10.1
Neomutt Neomutt	Before 20180716

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://www.mutt.org/news.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1

Source: cve@mitre.org

PatchThird Party Advisory

https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://neomutt.org/2018/07/16/release

Source: cve@mitre.org

Release NotesVendor Advisory

https://security.gentoo.org/glsa/201810-07

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3719-3/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4277

Source: cve@mitre.org

Third Party Advisory

http://www.mutt.org/news.html