Type a vendor name or a vulnerability id.



All the vulnerabilites related to Mutt - Mutt
cve-2003-0167
Vulnerability from cvelistv5
Published
2003-03-29 05:00
Modified
2024-08-08 01:43
Severity
Summary
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.
References
URLTags
http://www.securityfocus.com/bid/7229vdb-entry, x_refsource_BID
http://www.debian.org/security/2003/dsa-274vendor-advisory, x_refsource_DEBIAN
http://www.debian.org/security/2003/dsa-300vendor-advisory, x_refsource_DEBIAN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:36.032Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "7229",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/7229"
          },
          {
            "name": "DSA-274",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-274"
          },
          {
            "name": "DSA-300",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-300"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-03-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-05-08T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "7229",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/7229"
        },
        {
          "name": "DSA-274",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-274"
        },
        {
          "name": "DSA-300",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-300"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0167",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "7229",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/7229"
            },
            {
              "name": "DSA-274",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-274"
            },
            {
              "name": "DSA-300",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-300"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0167",
    "datePublished": "2003-03-29T05:00:00",
    "dateReserved": "2003-03-27T00:00:00",
    "dateUpdated": "2024-08-08T01:43:36.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5298
Vulnerability from cvelistv5
Published
2006-10-16 19:00
Modified
2024-08-07 19:48
Severity
Summary
The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.
References
URLTags
http://marc.info/?l=mutt-dev&m=115999486426292&w=2mailing-list, x_refsource_MLIST
http://www.trustix.org/errata/2006/0061/vendor-advisory, x_refsource_TRUSTIX
http://secunia.com/advisories/22640third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22613third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22685third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22686third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-373-1vendor-advisory, x_refsource_UBUNTU
http://www.mandriva.com/security/advisories?name=MDKSA-2006:190vendor-advisory, x_refsource_MANDRIVA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:48:28.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2"
          },
          {
            "name": "2006-0061",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0061/"
          },
          {
            "name": "22640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22640"
          },
          {
            "name": "22613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22613"
          },
          {
            "name": "22685",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22685"
          },
          {
            "name": "22686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22686"
          },
          {
            "name": "USN-373-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-373-1"
          },
          {
            "name": "MDKSA-2006:190",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2"
        },
        {
          "name": "2006-0061",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0061/"
        },
        {
          "name": "22640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22640"
        },
        {
          "name": "22613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22613"
        },
        {
          "name": "22685",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22685"
        },
        {
          "name": "22686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22686"
        },
        {
          "name": "USN-373-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-373-1"
        },
        {
          "name": "MDKSA-2006:190",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5298",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2"
            },
            {
              "name": "2006-0061",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2006/0061/"
            },
            {
              "name": "22640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22640"
            },
            {
              "name": "22613",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22613"
            },
            {
              "name": "22685",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22685"
            },
            {
              "name": "22686",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22686"
            },
            {
              "name": "USN-373-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-373-1"
            },
            {
              "name": "MDKSA-2006:190",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5298",
    "datePublished": "2006-10-16T19:00:00",
    "dateReserved": "2006-10-16T00:00:00",
    "dateUpdated": "2024-08-07T19:48:28.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0078
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:01
Severity
Summary
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
References
URLTags
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053vendor-advisory, x_refsource_SLACKWARE
http://bugs.debian.org/126336x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=107696262905039&w=2mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2004-051.htmlvendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811vdb-entry, signature, x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/15134vdb-entry, x_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/bid/9641vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=107651677817933&w=2mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2004-050.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=107884956930903&w=2mailing-list, x_refsource_BUGTRAQ
http://www.osvdb.org/3918vdb-entry, x_refsource_OSVDB
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010vendor-advisory, x_refsource_MANDRAKE
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txtvendor-advisory, x_refsource_CALDERA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:01:23.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSA:2004-043",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/126336"
          },
          {
            "name": "20040215 LNSA-#2004-0001: mutt remote crash",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107696262905039\u0026w=2"
          },
          {
            "name": "RHSA-2004:051",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-051.html"
          },
          {
            "name": "oval:org.mitre.oval:def:811",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811"
          },
          {
            "name": "mutt-index-menu-bo(15134)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15134"
          },
          {
            "name": "oval:org.mitre.oval:def:838",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838"
          },
          {
            "name": "9641",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9641"
          },
          {
            "name": "20040211 Mutt-1.4.2 fixes buffer overflow.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107651677817933\u0026w=2"
          },
          {
            "name": "RHSA-2004:050",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-050.html"
          },
          {
            "name": "20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107884956930903\u0026w=2"
          },
          {
            "name": "3918",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3918"
          },
          {
            "name": "MDKSA-2004:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010"
          },
          {
            "name": "CSSA-2004-013.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-02-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-07-17T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SSA:2004-043",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/126336"
        },
        {
          "name": "20040215 LNSA-#2004-0001: mutt remote crash",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107696262905039\u0026w=2"
        },
        {
          "name": "RHSA-2004:051",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-051.html"
        },
        {
          "name": "oval:org.mitre.oval:def:811",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811"
        },
        {
          "name": "mutt-index-menu-bo(15134)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15134"
        },
        {
          "name": "oval:org.mitre.oval:def:838",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838"
        },
        {
          "name": "9641",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9641"
        },
        {
          "name": "20040211 Mutt-1.4.2 fixes buffer overflow.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107651677817933\u0026w=2"
        },
        {
          "name": "RHSA-2004:050",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-050.html"
        },
        {
          "name": "20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107884956930903\u0026w=2"
        },
        {
          "name": "3918",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3918"
        },
        {
          "name": "MDKSA-2004:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010"
        },
        {
          "name": "CSSA-2004-013.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0078",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSA:2004-043",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053"
            },
            {
              "name": "http://bugs.debian.org/126336",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/126336"
            },
            {
              "name": "20040215 LNSA-#2004-0001: mutt remote crash",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107696262905039\u0026w=2"
            },
            {
              "name": "RHSA-2004:051",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-051.html"
            },
            {
              "name": "oval:org.mitre.oval:def:811",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811"
            },
            {
              "name": "mutt-index-menu-bo(15134)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15134"
            },
            {
              "name": "oval:org.mitre.oval:def:838",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838"
            },
            {
              "name": "9641",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9641"
            },
            {
              "name": "20040211 Mutt-1.4.2 fixes buffer overflow.",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107651677817933\u0026w=2"
            },
            {
              "name": "RHSA-2004:050",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-050.html"
            },
            {
              "name": "20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107884956930903\u0026w=2"
            },
            {
              "name": "3918",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3918"
            },
            {
              "name": "MDKSA-2004:010",
              "refsource": "MANDRAKE",
              "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010"
            },
            {
              "name": "CSSA-2004-013.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0078",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2004-01-19T00:00:00",
    "dateUpdated": "2024-08-08T00:01:23.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5297
Vulnerability from cvelistv5
Published
2006-10-16 19:00
Modified
2024-08-07 19:48
Severity
Summary
Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
References
URLTags
http://secunia.com/advisories/25529third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=mutt-dev&m=115999486426292&w=2mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/20733vdb-entry, x_refsource_BID
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601vdb-entry, signature, x_refsource_OVAL
http://www.trustix.org/errata/2006/0061/vendor-advisory, x_refsource_TRUSTIX
http://secunia.com/advisories/22640third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22613third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22685third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22686third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-373-1vendor-advisory, x_refsource_UBUNTU
http://www.redhat.com/support/errata/RHSA-2007-0386.htmlvendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2006/4176vdb-entry, x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDKSA-2006:190vendor-advisory, x_refsource_MANDRIVA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:48:29.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25529",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25529"
          },
          {
            "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2"
          },
          {
            "name": "20733",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20733"
          },
          {
            "name": "oval:org.mitre.oval:def:10601",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601"
          },
          {
            "name": "2006-0061",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0061/"
          },
          {
            "name": "22640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22640"
          },
          {
            "name": "22613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22613"
          },
          {
            "name": "22685",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22685"
          },
          {
            "name": "22686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22686"
          },
          {
            "name": "USN-373-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-373-1"
          },
          {
            "name": "RHSA-2007:0386",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
          },
          {
            "name": "ADV-2006-4176",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4176"
          },
          {
            "name": "MDKSA-2006:190",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25529",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25529"
        },
        {
          "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2"
        },
        {
          "name": "20733",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20733"
        },
        {
          "name": "oval:org.mitre.oval:def:10601",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601"
        },
        {
          "name": "2006-0061",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0061/"
        },
        {
          "name": "22640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22640"
        },
        {
          "name": "22613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22613"
        },
        {
          "name": "22685",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22685"
        },
        {
          "name": "22686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22686"
        },
        {
          "name": "USN-373-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-373-1"
        },
        {
          "name": "RHSA-2007:0386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
        },
        {
          "name": "ADV-2006-4176",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4176"
        },
        {
          "name": "MDKSA-2006:190",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5297",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25529",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25529"
            },
            {
              "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2"
            },
            {
              "name": "20733",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20733"
            },
            {
              "name": "oval:org.mitre.oval:def:10601",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601"
            },
            {
              "name": "2006-0061",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2006/0061/"
            },
            {
              "name": "22640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22640"
            },
            {
              "name": "22613",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22613"
            },
            {
              "name": "22685",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22685"
            },
            {
              "name": "22686",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22686"
            },
            {
              "name": "USN-373-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-373-1"
            },
            {
              "name": "RHSA-2007:0386",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
            },
            {
              "name": "ADV-2006-4176",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4176"
            },
            {
              "name": "MDKSA-2006:190",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5297",
    "datePublished": "2006-10-16T19:00:00",
    "dateReserved": "2006-10-16T00:00:00",
    "dateUpdated": "2024-08-07T19:48:29.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14349
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:21
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.
References
URLTags
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416x_refsource_MISC
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1x_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:41.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14349",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14349",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:21:41.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0299
Vulnerability from cvelistv5
Published
2003-05-15 04:00
Modified
2024-08-08 01:50
Severity
Summary
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors.
References
URLTags
http://marc.info/?l=bugtraq&m=105294024124163&w=2mailing-list, x_refsource_BUGTRAQ
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:50:47.111Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030514 Buffer overflows in multiple IMAP clients",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030514 Buffer overflows in multiple IMAP clients",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0299",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030514 Buffer overflows in multiple IMAP clients",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0299",
    "datePublished": "2003-05-15T04:00:00",
    "dateReserved": "2003-05-14T00:00:00",
    "dateUpdated": "2024-08-08T01:50:47.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1429
Vulnerability from cvelistv5
Published
2011-03-16 22:00
Modified
2024-08-06 22:28
Severity
Summary
Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.
References
URLTags
http://www.redhat.com/support/errata/RHSA-2011-0959.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/44937third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/8143third-party-advisory, x_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilities/66015vdb-entry, x_refsource_XF
http://seclists.org/fulldisclosure/2011/Mar/87mailing-list, x_refsource_FULLDISC
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.htmlvendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.htmlvendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.htmlvendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/46803vdb-entry, x_refsource_BID
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:40.835Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2011:0959",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0959.html"
          },
          {
            "name": "44937",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44937"
          },
          {
            "name": "8143",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8143"
          },
          {
            "name": "mutt-smtptls-weak-security(66015)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015"
          },
          {
            "name": "20110308 Mutt: failure to check server certificate in SMTP TLS connection",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2011/Mar/87"
          },
          {
            "name": "FEDORA-2011-7751",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html"
          },
          {
            "name": "FEDORA-2011-7739",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html"
          },
          {
            "name": "FEDORA-2011-7756",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html"
          },
          {
            "name": "46803",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46803"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2011:0959",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0959.html"
        },
        {
          "name": "44937",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44937"
        },
        {
          "name": "8143",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8143"
        },
        {
          "name": "mutt-smtptls-weak-security(66015)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015"
        },
        {
          "name": "20110308 Mutt: failure to check server certificate in SMTP TLS connection",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2011/Mar/87"
        },
        {
          "name": "FEDORA-2011-7751",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html"
        },
        {
          "name": "FEDORA-2011-7739",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html"
        },
        {
          "name": "FEDORA-2011-7756",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html"
        },
        {
          "name": "46803",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46803"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1429",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2011:0959",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0959.html"
            },
            {
              "name": "44937",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44937"
            },
            {
              "name": "8143",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8143"
            },
            {
              "name": "mutt-smtptls-weak-security(66015)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015"
            },
            {
              "name": "20110308 Mutt: failure to check server certificate in SMTP TLS connection",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2011/Mar/87"
            },
            {
              "name": "FEDORA-2011-7751",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html"
            },
            {
              "name": "FEDORA-2011-7739",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html"
            },
            {
              "name": "FEDORA-2011-7756",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html"
            },
            {
              "name": "46803",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46803"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1429",
    "datePublished": "2011-03-16T22:00:00",
    "dateReserved": "2011-03-16T00:00:00",
    "dateUpdated": "2024-08-06T22:28:40.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14362
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
References
URLTags
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:2526vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59ex_refsource_MISC
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:29:50.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576"
          },
          {
            "name": "RHSA-2018:2526",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2526"
          },
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a \u0027/\u0027 character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576"
        },
        {
          "name": "RHSA-2018:2526",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2526"
        },
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14362",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a \u0027/\u0027 character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576"
            },
            {
              "name": "RHSA-2018:2526",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2526"
            },
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14362",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:29:50.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3765
Vulnerability from cvelistv5
Published
2009-10-23 19:00
Modified
2024-09-16 20:22
Severity
Summary
mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
URLTags
http://marc.info/?l=oss-security&m=125369675820512&w=2mailing-list, x_refsource_MLIST
http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.cx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=oss-security&m=125198917018936&w=2mailing-list, x_refsource_MLIST
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c"
          },
          {
            "name": "SUSE-SR:2009:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
          },
          {
            "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-10-23T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c"
        },
        {
          "name": "SUSE-SR:2009:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
        },
        {
          "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3765",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
            },
            {
              "name": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c",
              "refsource": "CONFIRM",
              "url": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c"
            },
            {
              "name": "SUSE-SR:2009:016",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            },
            {
              "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3765",
    "datePublished": "2009-10-23T19:00:00Z",
    "dateReserved": "2009-10-23T00:00:00Z",
    "dateUpdated": "2024-09-16T20:22:26.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3766
Vulnerability from cvelistv5
Published
2009-10-23 19:00
Modified
2024-08-07 06:38
Severity
Summary
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
URLTags
http://www.openwall.com/lists/oss-security/2009/10/26/1mailing-list, x_refsource_MLIST
http://dev.mutt.org/trac/ticket/3087x_refsource_CONFIRM
http://marc.info/?l=oss-security&m=125198917018936&w=2mailing-list, x_refsource_MLIST
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:38:30.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20091026 Re: More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/10/26/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/trac/ticket/3087"
          },
          {
            "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-11-11T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20091026 Re: More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/10/26/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mutt.org/trac/ticket/3087"
        },
        {
          "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3766",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20091026 Re: More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/10/26/1"
            },
            {
              "name": "http://dev.mutt.org/trac/ticket/3087",
              "refsource": "CONFIRM",
              "url": "http://dev.mutt.org/trac/ticket/3087"
            },
            {
              "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3766",
    "datePublished": "2009-10-23T19:00:00",
    "dateReserved": "2009-10-23T00:00:00",
    "dateUpdated": "2024-08-07T06:38:30.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-1999-0941
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:55
Severity
Summary
Mutt mail client allows a remote attacker to execute commands via shell metacharacters.
References
URLTags
http://marc.info/?l=bugtraq&m=90221104526154&w=2mailing-list, x_refsource_BUGTRAQ
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T16:55:29.349Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19980728 mutt x.x",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=90221104526154\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "1998-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mutt mail client allows a remote attacker to execute commands via shell metacharacters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19980728 mutt x.x",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=90221104526154\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-1999-0941",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mutt mail client allows a remote attacker to execute commands via shell metacharacters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19980728 mutt x.x",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=90221104526154\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-1999-0941",
    "datePublished": "2000-02-04T05:00:00",
    "dateReserved": "1999-12-08T00:00:00",
    "dateUpdated": "2024-08-01T16:55:29.349Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28896
Vulnerability from cvelistv5
Published
2020-11-23 18:52
Modified
2024-08-04 16:41
Severity
Summary
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.
References
URLTags
https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8fx_refsource_MISC
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59ax_refsource_MISC
https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06x_refsource_MISC
https://github.com/neomutt/neomutt/releases/tag/20201120x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/11/msg00048.htmlmailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/202101-32vendor-advisory, x_refsource_GENTOO
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:41:00.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
          },
          {
            "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
          },
          {
            "name": "GLSA-202101-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-27T02:06:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
        },
        {
          "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
        },
        {
          "name": "GLSA-202101-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-32"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28896",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06"
            },
            {
              "name": "https://github.com/neomutt/neomutt/releases/tag/20201120",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/releases/tag/20201120"
            },
            {
              "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html"
            },
            {
              "name": "GLSA-202101-32",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-32"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28896",
    "datePublished": "2020-11-23T18:52:13",
    "dateReserved": "2020-11-17T00:00:00",
    "dateUpdated": "2024-08-04T16:41:00.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14954
Vulnerability from cvelistv5
Published
2020-06-21 16:55
Modified
2024-08-04 13:00
Severity
Summary
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
References
URLTags
https://www.debian.org/security/2020/dsa-4707vendor-advisory, x_refsource_DEBIAN
http://www.mutt.org/x_refsource_MISC
https://gitlab.com/muttmua/mutt/-/issues/248x_refsource_MISC
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.htmlx_refsource_MISC
https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4x_refsource_MISC
https://github.com/neomutt/neomutt/releases/tag/20200619x_refsource_MISC
https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639ccx_refsource_MISC
https://www.debian.org/security/2020/dsa-4708vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.htmlvendor-advisory, x_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2020/06/msg00039.htmlmailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/06/msg00040.htmlmailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3LXFVPTLK4PNHL6MPKJNJQJ25CH7GLQ/vendor-advisory, x_refsource_FEDORA
https://usn.ubuntu.com/4403-1/vendor-advisory, x_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFMEILCBKMZRRZDMUGWLVN4PQQ4VTAZE/vendor-advisory, x_refsource_FEDORA
https://security.gentoo.org/glsa/202007-57vendor-advisory, x_refsource_GENTOO
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:00:52.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4707",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4707"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/issues/248"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/releases/tag/20200619"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc"
          },
          {
            "name": "DSA-4708",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4708"
          },
          {
            "name": "openSUSE-SU-2020:0903",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
          },
          {
            "name": "openSUSE-SU-2020:0915",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html"
          },
          {
            "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html"
          },
          {
            "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html"
          },
          {
            "name": "FEDORA-2020-1cb4c3697b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3LXFVPTLK4PNHL6MPKJNJQJ25CH7GLQ/"
          },
          {
            "name": "USN-4403-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4403-1/"
          },
          {
            "name": "FEDORA-2020-31af2ac7fd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFMEILCBKMZRRZDMUGWLVN4PQQ4VTAZE/"
          },
          {
            "name": "GLSA-202007-57",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202007-57"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-28T21:06:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-4707",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4707"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/-/issues/248"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/releases/tag/20200619"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc"
        },
        {
          "name": "DSA-4708",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4708"
        },
        {
          "name": "openSUSE-SU-2020:0903",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
        },
        {
          "name": "openSUSE-SU-2020:0915",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html"
        },
        {
          "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html"
        },
        {
          "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html"
        },
        {
          "name": "FEDORA-2020-1cb4c3697b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3LXFVPTLK4PNHL6MPKJNJQJ25CH7GLQ/"
        },
        {
          "name": "USN-4403-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4403-1/"
        },
        {
          "name": "FEDORA-2020-31af2ac7fd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFMEILCBKMZRRZDMUGWLVN4PQQ4VTAZE/"
        },
        {
          "name": "GLSA-202007-57",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202007-57"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14954",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4707",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4707"
            },
            {
              "name": "http://www.mutt.org/",
              "refsource": "MISC",
              "url": "http://www.mutt.org/"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/-/issues/248",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/-/issues/248"
            },
            {
              "name": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html",
              "refsource": "MISC",
              "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4"
            },
            {
              "name": "https://github.com/neomutt/neomutt/releases/tag/20200619",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/releases/tag/20200619"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc"
            },
            {
              "name": "DSA-4708",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4708"
            },
            {
              "name": "openSUSE-SU-2020:0903",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2020:0915",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html"
            },
            {
              "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html"
            },
            {
              "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html"
            },
            {
              "name": "FEDORA-2020-1cb4c3697b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3LXFVPTLK4PNHL6MPKJNJQJ25CH7GLQ/"
            },
            {
              "name": "USN-4403-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4403-1/"
            },
            {
              "name": "FEDORA-2020-31af2ac7fd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFMEILCBKMZRRZDMUGWLVN4PQQ4VTAZE/"
            },
            {
              "name": "GLSA-202007-57",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202007-57"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14954",
    "datePublished": "2020-06-21T16:55:41",
    "dateReserved": "2020-06-21T00:00:00",
    "dateUpdated": "2024-08-04T13:00:52.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-9116
Vulnerability from cvelistv5
Published
2014-12-02 16:00
Modified
2024-08-06 13:33
Severity
Summary
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
References
URLTags
https://bugzilla.redhat.com/show_bug.cgi?id=1168463x_refsource_CONFIRM
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.htmlvendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id/1031266vdb-entry, x_refsource_SECTRACK
http://dev.mutt.org/trac/ticket/3716x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2014/11/27/5mailing-list, x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2015:078vendor-advisory, x_refsource_MANDRIVA
http://advisories.mageia.org/MGASA-2014-0509.htmlx_refsource_CONFIRM
https://security.gentoo.org/glsa/201701-04vendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2014/11/27/9mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/71334vdb-entry, x_refsource_BID
http://www.debian.org/security/2014/dsa-3083vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2014:245vendor-advisory, x_refsource_MANDRIVA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:33:13.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125"
          },
          {
            "name": "SUSE-SU-2015:0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html"
          },
          {
            "name": "1031266",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031266"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/trac/ticket/3716"
          },
          {
            "name": "[oss-security] 20141127 CVE request: mutt: heap-based buffer overflow in mutt_substrdup()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5"
          },
          {
            "name": "MDVSA-2015:078",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0509.html"
          },
          {
            "name": "GLSA-201701-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-04"
          },
          {
            "name": "[oss-security] 20141126 Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9"
          },
          {
            "name": "71334",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71334"
          },
          {
            "name": "DSA-3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3083"
          },
          {
            "name": "MDVSA-2014:245",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125"
        },
        {
          "name": "SUSE-SU-2015:0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html"
        },
        {
          "name": "1031266",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031266"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mutt.org/trac/ticket/3716"
        },
        {
          "name": "[oss-security] 20141127 CVE request: mutt: heap-based buffer overflow in mutt_substrdup()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5"
        },
        {
          "name": "MDVSA-2015:078",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0509.html"
        },
        {
          "name": "GLSA-201701-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-04"
        },
        {
          "name": "[oss-security] 20141126 Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9"
        },
        {
          "name": "71334",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71334"
        },
        {
          "name": "DSA-3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3083"
        },
        {
          "name": "MDVSA-2014:245",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125"
            },
            {
              "name": "SUSE-SU-2015:0012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html"
            },
            {
              "name": "1031266",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031266"
            },
            {
              "name": "http://dev.mutt.org/trac/ticket/3716",
              "refsource": "CONFIRM",
              "url": "http://dev.mutt.org/trac/ticket/3716"
            },
            {
              "name": "[oss-security] 20141127 CVE request: mutt: heap-based buffer overflow in mutt_substrdup()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5"
            },
            {
              "name": "MDVSA-2015:078",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0509.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0509.html"
            },
            {
              "name": "GLSA-201701-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-04"
            },
            {
              "name": "[oss-security] 20141126 Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9"
            },
            {
              "name": "71334",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71334"
            },
            {
              "name": "DSA-3083",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3083"
            },
            {
              "name": "MDVSA-2014:245",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9116",
    "datePublished": "2014-12-02T16:00:00",
    "dateReserved": "2014-11-26T00:00:00",
    "dateUpdated": "2024-08-06T13:33:13.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14350
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:21
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.
References
URLTags
http://www.securityfocus.com/bid/104931vdb-entry, x_refsource_BID
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870x_refsource_MISC
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/3719-2/vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485x_refsource_MISC
https://usn.ubuntu.com/3719-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:41.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104931",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104931"
          },
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "name": "USN-3719-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-2/"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485"
          },
          {
            "name": "USN-3719-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "104931",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104931"
        },
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "name": "USN-3719-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-2/"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485"
        },
        {
          "name": "USN-3719-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14350",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104931",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104931"
            },
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "USN-3719-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-2/"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485"
            },
            {
              "name": "USN-3719-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14350",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:21:41.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14352
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:21
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.
References
URLTags
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865dx_refsource_MISC
https://usn.ubuntu.com/3719-2/vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4x_refsource_MISC
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
https://usn.ubuntu.com/3719-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:41.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d"
          },
          {
            "name": "USN-3719-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-2/"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          },
          {
            "name": "USN-3719-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d"
        },
        {
          "name": "USN-3719-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-2/"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        },
        {
          "name": "USN-3719-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14352",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d"
            },
            {
              "name": "USN-3719-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-2/"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            },
            {
              "name": "USN-3719-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14352",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:21:41.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14353
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:21
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.
References
URLTags
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865dx_refsource_MISC
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
https://usn.ubuntu.com/3719-1/vendor-advisory, x_refsource_UBUNTU
https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23x_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:41.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          },
          {
            "name": "USN-3719-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        },
        {
          "name": "USN-3719-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14353",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            },
            {
              "name": "USN-3719-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-1/"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14353",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:21:41.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14354
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
References
URLTags
https://access.redhat.com/errata/RHSA-2018:2526vendor-advisory, x_refsource_REDHAT
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1dx_refsource_MISC
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15ebx_refsource_MISC
https://usn.ubuntu.com/3719-2/vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/104925vdb-entry, x_refsource_BID
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
https://usn.ubuntu.com/3719-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:29:50.150Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2526",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2526"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d"
          },
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb"
          },
          {
            "name": "USN-3719-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-2/"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "name": "104925",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104925"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          },
          {
            "name": "USN-3719-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:2526",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2526"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d"
        },
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb"
        },
        {
          "name": "USN-3719-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-2/"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "name": "104925",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104925"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        },
        {
          "name": "USN-3719-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14354",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2526",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2526"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d"
            },
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb"
            },
            {
              "name": "USN-3719-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-2/"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "104925",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104925"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            },
            {
              "name": "USN-3719-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14354",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:29:50.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0467
Vulnerability from cvelistv5
Published
2014-03-14 15:00
Modified
2024-08-06 09:20
Severity
Summary
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.
References
URLTags
http://www.debian.org/security/2014/dsa-2874vendor-advisory, x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2147-1vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2014-0304.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/66165vdb-entry, x_refsource_BID
http://www.mutt.org/doc/devel/ChangeLogx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id/1029919vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.htmlvendor-advisory, x_refsource_SUSE
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:20:17.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2874",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2874"
          },
          {
            "name": "USN-2147-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2147-1"
          },
          {
            "name": "RHSA-2014:0304",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0304.html"
          },
          {
            "name": "66165",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66165"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/doc/devel/ChangeLog"
          },
          {
            "name": "SUSE-SU-2014:0471",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html"
          },
          {
            "name": "1029919",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029919"
          },
          {
            "name": "openSUSE-SU-2014:0434",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html"
          },
          {
            "name": "openSUSE-SU-2014:0436",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "DSA-2874",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2874"
        },
        {
          "name": "USN-2147-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2147-1"
        },
        {
          "name": "RHSA-2014:0304",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0304.html"
        },
        {
          "name": "66165",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66165"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mutt.org/doc/devel/ChangeLog"
        },
        {
          "name": "SUSE-SU-2014:0471",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html"
        },
        {
          "name": "1029919",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029919"
        },
        {
          "name": "openSUSE-SU-2014:0434",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html"
        },
        {
          "name": "openSUSE-SU-2014:0436",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2014-0467",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2874",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2874"
            },
            {
              "name": "USN-2147-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2147-1"
            },
            {
              "name": "RHSA-2014:0304",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0304.html"
            },
            {
              "name": "66165",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66165"
            },
            {
              "name": "http://www.mutt.org/doc/devel/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.mutt.org/doc/devel/ChangeLog"
            },
            {
              "name": "SUSE-SU-2014:0471",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html"
            },
            {
              "name": "1029919",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029919"
            },
            {
              "name": "openSUSE-SU-2014:0434",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html"
            },
            {
              "name": "openSUSE-SU-2014:0436",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2014-0467",
    "datePublished": "2014-03-14T15:00:00",
    "dateReserved": "2013-12-19T00:00:00",
    "dateUpdated": "2024-08-06T09:20:17.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3242
Vulnerability from cvelistv5
Published
2006-06-27 10:00
Modified
2024-08-07 18:23
Severity
Summary
Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.
References
URLTags
http://secunia.com/advisories/21220third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200606-27.xmlvendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/20895third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21039third-party-advisory, x_refsource_SECUNIA
http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git%3Ba=commit%3Bh=dc0272b749f0e2b102973b7ac43dbd3908507540x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2006-0577.htmlvendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10826vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/20887third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/2522vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/20810third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:115vendor-advisory, x_refsource_MANDRIVA
https://usn.ubuntu.com/307-1/vendor-advisory, x_refsource_UBUNTU
http://www.trustix.org/errata/2006/0038vendor-advisory, x_refsource_TRUSTIX
http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/imap/browse.c?r1=1.34.2.2&r2=1.34.2.3x_refsource_CONFIRM
http://secunia.com/advisories/20854third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21135third-party-advisory, x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472221vendor-advisory, x_refsource_SLACKWARE
http://www.securityfocus.com/bid/18642vdb-entry, x_refsource_BID
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.013-mutt.htmlvendor-advisory, x_refsource_OPENPKG
https://exchange.xforce.ibmcloud.com/vulnerabilities/27428vdb-entry, x_refsource_XF
http://www.debian.org/security/2006/dsa-1108vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2006_16_sr.htmlvendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/20836third-party-advisory, x_refsource_SECUNIA
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-Uvendor-advisory, x_refsource_SGI
http://securitytracker.com/id?1016482vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/20960third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/438712/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://issues.rpath.com/browse/RPL-471x_refsource_CONFIRM
http://secunia.com/advisories/21124third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/20879third-party-advisory, x_refsource_SECUNIA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:23:20.786Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21220",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21220"
          },
          {
            "name": "GLSA-200606-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-27.xml"
          },
          {
            "name": "20895",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20895"
          },
          {
            "name": "21039",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21039"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git%3Ba=commit%3Bh=dc0272b749f0e2b102973b7ac43dbd3908507540"
          },
          {
            "name": "RHSA-2006:0577",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0577.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10826",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10826"
          },
          {
            "name": "20887",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20887"
          },
          {
            "name": "ADV-2006-2522",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2522"
          },
          {
            "name": "20810",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20810"
          },
          {
            "name": "MDKSA-2006:115",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:115"
          },
          {
            "name": "USN-307-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/307-1/"
          },
          {
            "name": "2006-0038",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0038"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/imap/browse.c?r1=1.34.2.2\u0026r2=1.34.2.3"
          },
          {
            "name": "20854",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20854"
          },
          {
            "name": "21135",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21135"
          },
          {
            "name": "SSA:2006-207-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.472221"
          },
          {
            "name": "18642",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18642"
          },
          {
            "name": "OpenPKG-SA-2006.013",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.013-mutt.html"
          },
          {
            "name": "mutt-imap-namespace-bo(27428)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27428"
          },
          {
            "name": "DSA-1108",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1108"
          },
          {
            "name": "SUSE-SR:2006:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
          },
          {
            "name": "20836",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20836"
          },
          {
            "name": "20060701-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U"
          },
          {
            "name": "1016482",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016482"
          },
          {
            "name": "20960",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20960"
          },
          {
            "name": "20060629 rPSA-2006-0116-1 mutt",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/438712/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-471"
          },
          {
            "name": "21124",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21124"
          },
          {
            "name": "20879",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20879"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "21220",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21220"
        },
        {
          "name": "GLSA-200606-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-27.xml"
        },
        {
          "name": "20895",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20895"
        },
        {
          "name": "21039",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21039"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git%3Ba=commit%3Bh=dc0272b749f0e2b102973b7ac43dbd3908507540"
        },
        {
          "name": "RHSA-2006:0577",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0577.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10826",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10826"
        },
        {
          "name": "20887",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20887"
        },
        {
          "name": "ADV-2006-2522",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2522"
        },
        {
          "name": "20810",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20810"
        },
        {
          "name": "MDKSA-2006:115",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:115"
        },
        {
          "name": "USN-307-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/307-1/"
        },
        {
          "name": "2006-0038",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0038"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/imap/browse.c?r1=1.34.2.2\u0026r2=1.34.2.3"
        },
        {
          "name": "20854",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20854"
        },
        {
          "name": "21135",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21135"
        },
        {
          "name": "SSA:2006-207-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.472221"
        },
        {
          "name": "18642",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18642"
        },
        {
          "name": "OpenPKG-SA-2006.013",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.013-mutt.html"
        },
        {
          "name": "mutt-imap-namespace-bo(27428)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27428"
        },
        {
          "name": "DSA-1108",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1108"
        },
        {
          "name": "SUSE-SR:2006:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
        },
        {
          "name": "20836",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20836"
        },
        {
          "name": "20060701-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U"
        },
        {
          "name": "1016482",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016482"
        },
        {
          "name": "20960",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20960"
        },
        {
          "name": "20060629 rPSA-2006-0116-1 mutt",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/438712/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-471"
        },
        {
          "name": "21124",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21124"
        },
        {
          "name": "20879",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20879"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3242",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21220",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21220"
            },
            {
              "name": "GLSA-200606-27",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-27.xml"
            },
            {
              "name": "20895",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20895"
            },
            {
              "name": "21039",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21039"
            },
            {
              "name": "http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540",
              "refsource": "CONFIRM",
              "url": "http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540"
            },
            {
              "name": "RHSA-2006:0577",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0577.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10826",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10826"
            },
            {
              "name": "20887",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20887"
            },
            {
              "name": "ADV-2006-2522",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2522"
            },
            {
              "name": "20810",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20810"
            },
            {
              "name": "MDKSA-2006:115",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:115"
            },
            {
              "name": "USN-307-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/307-1/"
            },
            {
              "name": "2006-0038",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2006/0038"
            },
            {
              "name": "http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/imap/browse.c?r1=1.34.2.2\u0026r2=1.34.2.3",
              "refsource": "CONFIRM",
              "url": "http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/imap/browse.c?r1=1.34.2.2\u0026r2=1.34.2.3"
            },
            {
              "name": "20854",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20854"
            },
            {
              "name": "21135",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21135"
            },
            {
              "name": "SSA:2006-207-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.472221"
            },
            {
              "name": "18642",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18642"
            },
            {
              "name": "OpenPKG-SA-2006.013",
              "refsource": "OPENPKG",
              "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.013-mutt.html"
            },
            {
              "name": "mutt-imap-namespace-bo(27428)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27428"
            },
            {
              "name": "DSA-1108",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1108"
            },
            {
              "name": "SUSE-SR:2006:016",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
            },
            {
              "name": "20836",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20836"
            },
            {
              "name": "20060701-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U"
            },
            {
              "name": "1016482",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016482"
            },
            {
              "name": "20960",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20960"
            },
            {
              "name": "20060629 rPSA-2006-0116-1 mutt",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/438712/100/0/threaded"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-471",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-471"
            },
            {
              "name": "21124",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21124"
            },
            {
              "name": "20879",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20879"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3242",
    "datePublished": "2006-06-27T10:00:00",
    "dateReserved": "2006-06-26T00:00:00",
    "dateUpdated": "2024-08-07T18:23:20.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-0473
Vulnerability from cvelistv5
Published
2001-09-18 04:00
Modified
2024-08-08 04:21
Severity
Summary
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
References
URLTags
http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.htmlmailing-list, x_refsource_BUGTRAQ
http://www.osvdb.org/5615vdb-entry, x_refsource_OSVDB
http://www.redhat.com/support/errata/RHSA-2001-029.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=98473109630421&w=2mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/6235vdb-entry, x_refsource_XF
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385vendor-advisory, x_refsource_CONECTIVA
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3vendor-advisory, x_refsource_MANDRAKE
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:21:38.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20010320 Trustix Security Advisory - mutt",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html"
          },
          {
            "name": "5615",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/5615"
          },
          {
            "name": "RHSA-2001:029",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html"
          },
          {
            "name": "20010315 Immunix OS Security update for mutt",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2"
          },
          {
            "name": "mutt-imap-format-string(6235)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235"
          },
          {
            "name": "CLA-2001:385",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385"
          },
          {
            "name": "MDKSA-2001-031",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-09-02T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20010320 Trustix Security Advisory - mutt",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html"
        },
        {
          "name": "5615",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/5615"
        },
        {
          "name": "RHSA-2001:029",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html"
        },
        {
          "name": "20010315 Immunix OS Security update for mutt",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2"
        },
        {
          "name": "mutt-imap-format-string(6235)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235"
        },
        {
          "name": "CLA-2001:385",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385"
        },
        {
          "name": "MDKSA-2001-031",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0473",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20010320 Trustix Security Advisory - mutt",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html"
            },
            {
              "name": "5615",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/5615"
            },
            {
              "name": "RHSA-2001:029",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html"
            },
            {
              "name": "20010315 Immunix OS Security update for mutt",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2"
            },
            {
              "name": "mutt-imap-format-string(6235)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235"
            },
            {
              "name": "CLA-2001:385",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385"
            },
            {
              "name": "MDKSA-2001-031",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0473",
    "datePublished": "2001-09-18T04:00:00",
    "dateReserved": "2001-05-24T00:00:00",
    "dateUpdated": "2024-08-08T04:21:38.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1268
Vulnerability from cvelistv5
Published
2007-03-06 20:00
Modified
2024-08-07 12:50
Severity
Summary
Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
References
URLTags
http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/24415third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/2353third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/archive/1/461958/30/7710/threadedmailing-list, x_refsource_BUGTRAQ
http://www.coresecurity.com/?action=item&id=1687x_refsource_MISC
http://www.securityfocus.com/archive/1/461958/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/22778vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1017727vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2007/0835vdb-entry, x_refsource_VUPEN
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:35.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html"
          },
          {
            "name": "24415",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24415"
          },
          {
            "name": "2353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2353"
          },
          {
            "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/?action=item\u0026id=1687"
          },
          {
            "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded"
          },
          {
            "name": "22778",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22778"
          },
          {
            "name": "1017727",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017727"
          },
          {
            "name": "ADV-2007-0835",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0835"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html"
        },
        {
          "name": "24415",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24415"
        },
        {
          "name": "2353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2353"
        },
        {
          "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/?action=item\u0026id=1687"
        },
        {
          "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded"
        },
        {
          "name": "22778",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22778"
        },
        {
          "name": "1017727",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017727"
        },
        {
          "name": "ADV-2007-0835",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0835"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1268",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME",
              "refsource": "MLIST",
              "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html"
            },
            {
              "name": "24415",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24415"
            },
            {
              "name": "2353",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2353"
            },
            {
              "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded"
            },
            {
              "name": "http://www.coresecurity.com/?action=item\u0026id=1687",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/?action=item\u0026id=1687"
            },
            {
              "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded"
            },
            {
              "name": "22778",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22778"
            },
            {
              "name": "1017727",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017727"
            },
            {
              "name": "ADV-2007-0835",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0835"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1268",
    "datePublished": "2007-03-06T20:00:00",
    "dateReserved": "2007-03-04T00:00:00",
    "dateUpdated": "2024-08-07T12:50:35.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0300
Vulnerability from cvelistv5
Published
2003-05-15 04:00
Modified
2024-08-08 01:50
Severity
Summary
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
References
URLTags
http://marc.info/?l=bugtraq&m=105294024124163&w=2mailing-list, x_refsource_BUGTRAQ
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:50:47.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030514 Buffer overflows in multiple IMAP clients",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030514 Buffer overflows in multiple IMAP clients",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0300",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030514 Buffer overflows in multiple IMAP clients",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0300",
    "datePublished": "2003-05-15T04:00:00",
    "dateReserved": "2003-05-14T00:00:00",
    "dateUpdated": "2024-08-08T01:50:47.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3181
Vulnerability from cvelistv5
Published
2021-01-19 14:30
Modified
2024-08-03 16:45
Severity
Summary
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.
References
URLTags
https://gitlab.com/muttmua/mutt/-/issues/323x_refsource_MISC
https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17x_refsource_MISC
https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19x_refsource_MISC
https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14x_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/01/19/10mailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/01/msg00017.htmlmailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/202101-25vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2021/dsa-4838vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2021/01/27/3mailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2OMLQKAOHPYQA4GI7ZUO6UKCPUHLYO7/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXGWXFO77HBCD3VYEIYHHYU33LYWWWNQ/vendor-advisory, x_refsource_FEDORA
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:51.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/issues/323"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14"
          },
          {
            "name": "[oss-security] 20210119 Re: mutt recipient parsing memory leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/19/10"
          },
          {
            "name": "[debian-lts-announce] 20210120 [SECURITY] [DLA 2529-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html"
          },
          {
            "name": "GLSA-202101-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-25"
          },
          {
            "name": "DSA-4838",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4838"
          },
          {
            "name": "[oss-security] 20210127 glibc iconv crash with ISO-2022-JP-3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/27/3"
          },
          {
            "name": "FEDORA-2021-a4f016c6c8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2OMLQKAOHPYQA4GI7ZUO6UKCPUHLYO7/"
          },
          {
            "name": "FEDORA-2021-4205e1fc23",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXGWXFO77HBCD3VYEIYHHYU33LYWWWNQ/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-10T02:06:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/-/issues/323"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14"
        },
        {
          "name": "[oss-security] 20210119 Re: mutt recipient parsing memory leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/19/10"
        },
        {
          "name": "[debian-lts-announce] 20210120 [SECURITY] [DLA 2529-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html"
        },
        {
          "name": "GLSA-202101-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-25"
        },
        {
          "name": "DSA-4838",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4838"
        },
        {
          "name": "[oss-security] 20210127 glibc iconv crash with ISO-2022-JP-3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/27/3"
        },
        {
          "name": "FEDORA-2021-a4f016c6c8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2OMLQKAOHPYQA4GI7ZUO6UKCPUHLYO7/"
        },
        {
          "name": "FEDORA-2021-4205e1fc23",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXGWXFO77HBCD3VYEIYHHYU33LYWWWNQ/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-3181",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/muttmua/mutt/-/issues/323",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/-/issues/323"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14"
            },
            {
              "name": "[oss-security] 20210119 Re: mutt recipient parsing memory leak",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/19/10"
            },
            {
              "name": "[debian-lts-announce] 20210120 [SECURITY] [DLA 2529-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html"
            },
            {
              "name": "GLSA-202101-25",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-25"
            },
            {
              "name": "DSA-4838",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4838"
            },
            {
              "name": "[oss-security] 20210127 glibc iconv crash with ISO-2022-JP-3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/27/3"
            },
            {
              "name": "FEDORA-2021-a4f016c6c8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2OMLQKAOHPYQA4GI7ZUO6UKCPUHLYO7/"
            },
            {
              "name": "FEDORA-2021-4205e1fc23",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXGWXFO77HBCD3VYEIYHHYU33LYWWWNQ/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-3181",
    "datePublished": "2021-01-19T14:30:37",
    "dateReserved": "2021-01-19T00:00:00",
    "dateUpdated": "2024-08-03T16:45:51.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14351
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:21
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.
References
URLTags
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741x_refsource_MISC
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1x_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:41.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14351",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14351",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:21:41.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14093
Vulnerability from cvelistv5
Published
2020-06-15 04:06
Modified
2024-08-04 12:39
Severity
Summary
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
References
URLTags
http://www.mutt.orgx_refsource_MISC
https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01x_refsource_MISC
https://www.debian.org/security/2020/dsa-4707vendor-advisory, x_refsource_DEBIAN
https://bugs.gentoo.org/728300x_refsource_MISC
https://www.debian.org/security/2020/dsa-4708vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.htmlvendor-advisory, x_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2020/06/msg00039.htmlmailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/06/msg00040.htmlmailing-list, x_refsource_MLIST
https://usn.ubuntu.com/4401-1/vendor-advisory, x_refsource_UBUNTU
https://security.gentoo.org/glsa/202007-57vendor-advisory, x_refsource_GENTOO
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:35.895Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01"
          },
          {
            "name": "DSA-4707",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4707"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/728300"
          },
          {
            "name": "DSA-4708",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4708"
          },
          {
            "name": "openSUSE-SU-2020:0903",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
          },
          {
            "name": "openSUSE-SU-2020:0915",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html"
          },
          {
            "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html"
          },
          {
            "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html"
          },
          {
            "name": "USN-4401-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4401-1/"
          },
          {
            "name": "GLSA-202007-57",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202007-57"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-28T21:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01"
        },
        {
          "name": "DSA-4707",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4707"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.gentoo.org/728300"
        },
        {
          "name": "DSA-4708",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4708"
        },
        {
          "name": "openSUSE-SU-2020:0903",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
        },
        {
          "name": "openSUSE-SU-2020:0915",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html"
        },
        {
          "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html"
        },
        {
          "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html"
        },
        {
          "name": "USN-4401-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4401-1/"
        },
        {
          "name": "GLSA-202007-57",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202007-57"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14093",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mutt.org",
              "refsource": "MISC",
              "url": "http://www.mutt.org"
            },
            {
              "name": "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01",
              "refsource": "MISC",
              "url": "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01"
            },
            {
              "name": "DSA-4707",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4707"
            },
            {
              "name": "https://bugs.gentoo.org/728300",
              "refsource": "MISC",
              "url": "https://bugs.gentoo.org/728300"
            },
            {
              "name": "DSA-4708",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4708"
            },
            {
              "name": "openSUSE-SU-2020:0903",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2020:0915",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html"
            },
            {
              "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html"
            },
            {
              "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html"
            },
            {
              "name": "USN-4401-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4401-1/"
            },
            {
              "name": "GLSA-202007-57",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202007-57"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14093",
    "datePublished": "2020-06-15T04:06:04",
    "dateReserved": "2020-06-15T00:00:00",
    "dateUpdated": "2024-08-04T12:39:35.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-1328
Vulnerability from cvelistv5
Published
2022-04-14 00:00
Modified
2024-08-03 00:03
Severity
4.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line
References
URLTags
https://gitlab.com/muttmua/mutt/-/issues/404
https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json
Impacted products
VendorProduct
MuttMutt
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:03:05.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/issues/404"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mutt",
          "vendor": "Mutt",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=0.94.13, \u003c2.2.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tavis Ormandy"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper restriction of operations within the bounds of a memory buffer in Mutt",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-10T00:00:00",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/muttmua/mutt/-/issues/404"
        },
        {
          "url": "https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-1328",
    "datePublished": "2022-04-14T00:00:00",
    "dateReserved": "2022-04-12T00:00:00",
    "dateUpdated": "2024-08-03T00:03:05.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14154
Vulnerability from cvelistv5
Published
2020-06-15 16:51
Modified
2024-08-04 12:39
Severity
Summary
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
References
URLTags
http://www.mutt.orgx_refsource_MISC
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.htmlx_refsource_MISC
https://bugs.gentoo.org/728300x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.htmlvendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/4401-1/vendor-advisory, x_refsource_UBUNTU
https://security.gentoo.org/glsa/202007-57vendor-advisory, x_refsource_GENTOO
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/728300"
          },
          {
            "name": "openSUSE-SU-2020:0903",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
          },
          {
            "name": "openSUSE-SU-2020:0915",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html"
          },
          {
            "name": "USN-4401-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4401-1/"
          },
          {
            "name": "GLSA-202007-57",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202007-57"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-28T21:06:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.gentoo.org/728300"
        },
        {
          "name": "openSUSE-SU-2020:0903",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
        },
        {
          "name": "openSUSE-SU-2020:0915",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html"
        },
        {
          "name": "USN-4401-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4401-1/"
        },
        {
          "name": "GLSA-202007-57",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202007-57"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14154",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mutt.org",
              "refsource": "MISC",
              "url": "http://www.mutt.org"
            },
            {
              "name": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html",
              "refsource": "MISC",
              "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html"
            },
            {
              "name": "https://bugs.gentoo.org/728300",
              "refsource": "MISC",
              "url": "https://bugs.gentoo.org/728300"
            },
            {
              "name": "openSUSE-SU-2020:0903",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"
            },
            {
              "name": "openSUSE-SU-2020:0915",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html"
            },
            {
              "name": "USN-4401-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4401-1/"
            },
            {
              "name": "GLSA-202007-57",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202007-57"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14154",
    "datePublished": "2020-06-15T16:51:17",
    "dateReserved": "2020-06-15T00:00:00",
    "dateUpdated": "2024-08-04T12:39:36.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0001
Vulnerability from cvelistv5
Published
2002-01-03 05:00
Modified
2024-08-08 02:35
Severity
Summary
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
References
URLTags
http://online.securityfocus.com/advisories/3778vendor-advisory, x_refsource_HP
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.ascvendor-advisory, x_refsource_FREEBSD
http://www.debian.org/security/2002/dsa-096vendor-advisory, x_refsource_DEBIAN
http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.htmlx_refsource_CONFIRM
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449vendor-advisory, x_refsource_CONECTIVA
http://www.iss.net/security_center/static/7759.phpvdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/3774vdb-entry, x_refsource_BID
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txtvendor-advisory, x_refsource_CALDERA
http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=100994648918287&w=2mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2002-003.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:35:17.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBTL0201-011",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/3778"
          },
          {
            "name": "FreeBSD-SA-02:04",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc"
          },
          {
            "name": "DSA-096",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2002/dsa-096"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html"
          },
          {
            "name": "CLA-2002:449",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000449"
          },
          {
            "name": "mutt-address-handling-bo(7759)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/7759.php"
          },
          {
            "name": "3774",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3774"
          },
          {
            "name": "CSSA-2002-002.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt"
          },
          {
            "name": "SuSE-SA:2002:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html"
          },
          {
            "name": "20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=100994648918287\u0026w=2"
          },
          {
            "name": "RHSA-2002:003",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-01-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "HPSBTL0201-011",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/3778"
        },
        {
          "name": "FreeBSD-SA-02:04",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc"
        },
        {
          "name": "DSA-096",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2002/dsa-096"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html"
        },
        {
          "name": "CLA-2002:449",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000449"
        },
        {
          "name": "mutt-address-handling-bo(7759)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/7759.php"
        },
        {
          "name": "3774",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3774"
        },
        {
          "name": "CSSA-2002-002.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt"
        },
        {
          "name": "SuSE-SA:2002:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html"
        },
        {
          "name": "20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=100994648918287\u0026w=2"
        },
        {
          "name": "RHSA-2002:003",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0001",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBTL0201-011",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/3778"
            },
            {
              "name": "FreeBSD-SA-02:04",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc"
            },
            {
              "name": "DSA-096",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2002/dsa-096"
            },
            {
              "name": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html",
              "refsource": "CONFIRM",
              "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html"
            },
            {
              "name": "CLA-2002:449",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000449"
            },
            {
              "name": "mutt-address-handling-bo(7759)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/7759.php"
            },
            {
              "name": "3774",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3774"
            },
            {
              "name": "CSSA-2002-002.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt"
            },
            {
              "name": "SuSE-SA:2002:001",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html"
            },
            {
              "name": "20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=100994648918287\u0026w=2"
            },
            {
              "name": "RHSA-2002:003",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0001",
    "datePublished": "2002-01-03T05:00:00",
    "dateReserved": "2002-01-01T00:00:00",
    "dateUpdated": "2024-08-08T02:35:17.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14356
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.
References
URLTags
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82x_refsource_MISC
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:29:50.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14356",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:29:50.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14359
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.
References
URLTags
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669ax_refsource_MISC
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/3719-2/vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
https://usn.ubuntu.com/3719-1/vendor-advisory, x_refsource_UBUNTU
https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85x_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:29:50.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "name": "USN-3719-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-2/"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          },
          {
            "name": "USN-3719-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "name": "USN-3719-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-2/"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        },
        {
          "name": "USN-3719-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14359",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "USN-3719-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-2/"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            },
            {
              "name": "USN-3719-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-1/"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14359",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:29:50.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0140
Vulnerability from cvelistv5
Published
2003-03-21 05:00
Modified
2024-08-08 01:43
Severity
Summary
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.
References
URLTags
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000626vendor-advisory, x_refsource_CONECTIVA
http://www.redhat.com/support/errata/RHSA-2003-109.htmlvendor-advisory, x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/11583vdb-entry, x_refsource_XF
http://marc.info/?l=bugtraq&m=105171507629573&w=2mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=104817995421439&w=2mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=104852190605988&w=2mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=104818814931378&w=2mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/7120vdb-entry, x_refsource_BID
http://www.gentoo.org/security/en/glsa/glsa-200303-19.xmlvendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/archive/1/315679mailing-list, x_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434vdb-entry, signature, x_refsource_OVAL
http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10x_refsource_MISC
http://www.debian.org/security/2003/dsa-268vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2003_020_mutt.htmlvendor-advisory, x_refsource_SUSE
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000630vendor-advisory, x_refsource_CONECTIVA
http://www.mandriva.com/security/advisories?name=MDKSA-2003:041vendor-advisory, x_refsource_MANDRAKE
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:35.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CLA-2003:626",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000626"
          },
          {
            "name": "RHSA-2003:109",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-109.html"
          },
          {
            "name": "mutt-folder-name-bo(11583)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11583"
          },
          {
            "name": "20030430 GLSA:  balsa (200304-10)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=105171507629573\u0026w=2"
          },
          {
            "name": "20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104817995421439\u0026w=2"
          },
          {
            "name": "20030322 GLSA:  mutt (200303-19)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104852190605988\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:2",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2"
          },
          {
            "name": "20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104818814931378\u0026w=2"
          },
          {
            "name": "7120",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/7120"
          },
          {
            "name": "GLSA-200303-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml"
          },
          {
            "name": "20030319 mutt-1.4.1 fixes a buffer overflow.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/315679"
          },
          {
            "name": "oval:org.mitre.oval:def:434",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/common/showdoc.php?idx=310\u0026idxseccion=10"
          },
          {
            "name": "DSA-268",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-268"
          },
          {
            "name": "SuSE-SA:2003:020",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2003_020_mutt.html"
          },
          {
            "name": "CLA-2003:630",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000630"
          },
          {
            "name": "MDKSA-2003:041",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:041"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-03-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CLA-2003:626",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000626"
        },
        {
          "name": "RHSA-2003:109",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-109.html"
        },
        {
          "name": "mutt-folder-name-bo(11583)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11583"
        },
        {
          "name": "20030430 GLSA:  balsa (200304-10)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=105171507629573\u0026w=2"
        },
        {
          "name": "20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104817995421439\u0026w=2"
        },
        {
          "name": "20030322 GLSA:  mutt (200303-19)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104852190605988\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:2",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2"
        },
        {
          "name": "20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104818814931378\u0026w=2"
        },
        {
          "name": "7120",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/7120"
        },
        {
          "name": "GLSA-200303-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml"
        },
        {
          "name": "20030319 mutt-1.4.1 fixes a buffer overflow.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/315679"
        },
        {
          "name": "oval:org.mitre.oval:def:434",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/common/showdoc.php?idx=310\u0026idxseccion=10"
        },
        {
          "name": "DSA-268",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-268"
        },
        {
          "name": "SuSE-SA:2003:020",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2003_020_mutt.html"
        },
        {
          "name": "CLA-2003:630",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000630"
        },
        {
          "name": "MDKSA-2003:041",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:041"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0140",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CLA-2003:626",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000626"
            },
            {
              "name": "RHSA-2003:109",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-109.html"
            },
            {
              "name": "mutt-folder-name-bo(11583)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11583"
            },
            {
              "name": "20030430 GLSA:  balsa (200304-10)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=105171507629573\u0026w=2"
            },
            {
              "name": "20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104817995421439\u0026w=2"
            },
            {
              "name": "20030322 GLSA:  mutt (200303-19)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104852190605988\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:2",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2"
            },
            {
              "name": "20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104818814931378\u0026w=2"
            },
            {
              "name": "7120",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/7120"
            },
            {
              "name": "GLSA-200303-19",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml"
            },
            {
              "name": "20030319 mutt-1.4.1 fixes a buffer overflow.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/315679"
            },
            {
              "name": "oval:org.mitre.oval:def:434",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434"
            },
            {
              "name": "http://www.coresecurity.com/common/showdoc.php?idx=310\u0026idxseccion=10",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/common/showdoc.php?idx=310\u0026idxseccion=10"
            },
            {
              "name": "DSA-268",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-268"
            },
            {
              "name": "SuSE-SA:2003:020",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2003_020_mutt.html"
            },
            {
              "name": "CLA-2003:630",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000630"
            },
            {
              "name": "MDKSA-2003:041",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:041"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0140",
    "datePublished": "2003-03-21T05:00:00",
    "dateReserved": "2003-03-13T00:00:00",
    "dateUpdated": "2024-08-08T01:43:35.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-4874
Vulnerability from cvelistv5
Published
2023-09-09 14:30
Modified
2024-08-30 15:16
Severity
4.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
Undefined Behavior for Input to API in Mutt
References
URLTags
https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch
https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch
Impacted products
VendorProduct
MuttMutt
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:38:00.766Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5494"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4874",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T15:16:03.661876Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T15:16:17.679Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mutt",
          "vendor": "Mutt",
          "versions": [
            {
              "lessThan": "2.2.12",
              "status": "affected",
              "version": "1.5.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Chenyuan Mi, Kevin McCarthy"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Null pointer dereference when viewing a specially crafted email in Mutt \u003e1.5.2 \u003c2.2.12"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-475",
              "description": "CWE-475: Undefined Behavior for Input to API",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-29T15:04:50.443Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch"
        },
        {
          "url": "https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 2.2.12"
        }
      ],
      "title": "Undefined Behavior for Input to API in Mutt"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-4874",
    "datePublished": "2023-09-09T14:30:29.741Z",
    "dateReserved": "2023-09-09T12:01:09.124Z",
    "dateUpdated": "2024-08-30T15:16:17.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32055
Vulnerability from cvelistv5
Published
2021-05-05 15:06
Modified
2024-08-03 23:17
Severity
Summary
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.
References
URLTags
https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5x_refsource_MISC
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.htmlx_refsource_MISC
https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dcx_refsource_MISC
https://security.gentoo.org/glsa/202105-05vendor-advisory, x_refsource_GENTOO
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:17:29.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc"
          },
          {
            "name": "GLSA-202105-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202105-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-26T09:06:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc"
        },
        {
          "name": "GLSA-202105-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202105-05"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-32055",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5"
            },
            {
              "name": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html",
              "refsource": "MISC",
              "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc"
            },
            {
              "name": "GLSA-202105-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202105-05"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-32055",
    "datePublished": "2021-05-05T15:06:52",
    "dateReserved": "2021-05-05T00:00:00",
    "dateUpdated": "2024-08-03T23:17:29.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14357
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
References
URLTags
https://access.redhat.com/errata/RHSA-2018:2526vendor-advisory, x_refsource_REDHAT
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1dx_refsource_MISC
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725x_refsource_MISC
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
https://usn.ubuntu.com/3719-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:29:50.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2526",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2526"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d"
          },
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          },
          {
            "name": "USN-3719-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:2526",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2526"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d"
        },
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        },
        {
          "name": "USN-3719-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14357",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2526",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2526"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d"
            },
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            },
            {
              "name": "USN-3719-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14357",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:29:50.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14358
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.
References
URLTags
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870x_refsource_MISC
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485x_refsource_MISC
https://usn.ubuntu.com/3719-1/vendor-advisory, x_refsource_UBUNTU
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:29:50.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485"
          },
          {
            "name": "USN-3719-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485"
        },
        {
          "name": "USN-3719-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14358",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485"
            },
            {
              "name": "USN-3719-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14358",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:29:50.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-14355
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Severity
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.
References
URLTags
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781dx_refsource_MISC
https://usn.ubuntu.com/3719-3/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4277vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.htmlmailing-list, x_refsource_MLIST
https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5dx_refsource_MISC
https://security.gentoo.org/glsa/201810-07vendor-advisory, x_refsource_GENTOO
http://www.mutt.org/news.htmlx_refsource_MISC
https://neomutt.org/2018/07/16/releasex_refsource_MISC
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:29:50.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d"
          },
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d"
        },
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d"
            },
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14355",
    "datePublished": "2018-07-17T17:00:00",
    "dateReserved": "2018-07-17T00:00:00",
    "dateUpdated": "2024-08-05T09:29:50.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-4875
Vulnerability from cvelistv5
Published
2023-09-09 14:30
Modified
2024-08-30 15:14
Severity
2.2 (Low) - cvssV3_1 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
Summary
Undefined Behavior for Input to API in Mutt
References
URLTags
https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch
https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch
Impacted products
VendorProduct
MuttMutt
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:38:00.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5494"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4875",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T15:14:35.816969Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T15:14:47.158Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mutt",
          "vendor": "Mutt",
          "versions": [
            {
              "lessThan": "2.2.12",
              "status": "affected",
              "version": "1.5.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Chenyuan Mi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Null pointer dereference when composing from a specially crafted draft message in Mutt \u003e1.5.2 \u003c2.2.12"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-475",
              "description": "CWE-475: Undefined Behavior for Input to API",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-29T15:04:50.526Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch"
        },
        {
          "url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 2.2.12"
        }
      ],
      "title": "Undefined Behavior for Input to API in Mutt"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2023-4875",
    "datePublished": "2023-09-09T14:30:24.864Z",
    "dateReserved": "2023-09-09T12:01:14.019Z",
    "dateUpdated": "2024-08-30T15:14:47.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1390
Vulnerability from cvelistv5
Published
2009-06-16 20:26
Modified
2024-08-07 05:13
Severity
Summary
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
References
URLTags
http://www.securityfocus.com/bid/35288vdb-entry, x_refsource_BID
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.htmlvendor-advisory, x_refsource_FEDORA
http://dev.mutt.org/hg/mutt/rev/64bf199c8d8ax_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/51068vdb-entry, x_refsource_XF
http://dev.mutt.org/hg/mutt/rev/8f11dd00c770x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/06/10/2mailing-list, x_refsource_MLIST
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35288",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35288"
          },
          {
            "name": "FEDORA-2009-6465",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a"
          },
          {
            "name": "mutt-x509-security-bypass(51068)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770"
          },
          {
            "name": "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/06/10/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "35288",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35288"
        },
        {
          "name": "FEDORA-2009-6465",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a"
        },
        {
          "name": "mutt-x509-security-bypass(51068)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770"
        },
        {
          "name": "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/06/10/2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1390",
    "datePublished": "2009-06-16T20:26:00",
    "dateReserved": "2009-04-23T00:00:00",
    "dateUpdated": "2024-08-07T05:13:25.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-2683
Vulnerability from cvelistv5
Published
2007-05-15 21:00
Modified
2024-08-07 13:49
Severity
Summary
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
References
URLTags
http://secunia.com/advisories/25529third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1018066vdb-entry, x_refsource_SECTRACK
http://www.trustix.org/errata/2007/0024/vendor-advisory, x_refsource_TRUSTIX
http://secunia.com/advisories/26415third-party-advisory, x_refsource_SECUNIA
http://dev.mutt.org/trac/ticket/2885x_refsource_MISC
http://secunia.com/advisories/25408third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/34973vdb-entry, x_refsource_OSVDB
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/25546third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/25515third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/34441vdb-entry, x_refsource_XF
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113vendor-advisory, x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2007-0386.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/24192vdb-entry, x_refsource_BID
https://issues.rpath.com/browse/RPL-1391x_refsource_CONFIRM
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:49:57.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25529",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25529"
          },
          {
            "name": "1018066",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018066"
          },
          {
            "name": "2007-0024",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0024/"
          },
          {
            "name": "26415",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26415"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dev.mutt.org/trac/ticket/2885"
          },
          {
            "name": "25408",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25408"
          },
          {
            "name": "34973",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/34973"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890"
          },
          {
            "name": "oval:org.mitre.oval:def:10543",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543"
          },
          {
            "name": "25546",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25546"
          },
          {
            "name": "25515",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25515"
          },
          {
            "name": "mutt-gecos-bo(34441)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34441"
          },
          {
            "name": "MDKSA-2007:113",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
          },
          {
            "name": "RHSA-2007:0386",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
          },
          {
            "name": "24192",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24192"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1391"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via \"\u0026\" characters in the GECOS field, which triggers the overflow during alias expansion."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25529",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25529"
        },
        {
          "name": "1018066",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018066"
        },
        {
          "name": "2007-0024",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0024/"
        },
        {
          "name": "26415",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26415"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dev.mutt.org/trac/ticket/2885"
        },
        {
          "name": "25408",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25408"
        },
        {
          "name": "34973",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/34973"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890"
        },
        {
          "name": "oval:org.mitre.oval:def:10543",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543"
        },
        {
          "name": "25546",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25546"
        },
        {
          "name": "25515",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25515"
        },
        {
          "name": "mutt-gecos-bo(34441)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34441"
        },
        {
          "name": "MDKSA-2007:113",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
        },
        {
          "name": "RHSA-2007:0386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
        },
        {
          "name": "24192",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24192"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1391"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via \"\u0026\" characters in the GECOS field, which triggers the overflow during alias expansion."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25529",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25529"
            },
            {
              "name": "1018066",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018066"
            },
            {
              "name": "2007-0024",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2007/0024/"
            },
            {
              "name": "26415",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26415"
            },
            {
              "name": "http://dev.mutt.org/trac/ticket/2885",
              "refsource": "MISC",
              "url": "http://dev.mutt.org/trac/ticket/2885"
            },
            {
              "name": "25408",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25408"
            },
            {
              "name": "34973",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/34973"
            },
            {
              "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890"
            },
            {
              "name": "oval:org.mitre.oval:def:10543",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543"
            },
            {
              "name": "25546",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25546"
            },
            {
              "name": "25515",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25515"
            },
            {
              "name": "mutt-gecos-bo(34441)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34441"
            },
            {
              "name": "MDKSA-2007:113",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
            },
            {
              "name": "RHSA-2007:0386",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
            },
            {
              "name": "24192",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24192"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1391",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1391"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2683",
    "datePublished": "2007-05-15T21:00:00",
    "dateReserved": "2007-05-15T00:00:00",
    "dateUpdated": "2024-08-07T13:49:57.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-2642
Vulnerability from cvelistv5
Published
2005-08-21 04:00
Modified
2024-08-07 22:45
Severity
Summary
Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext.
References
URLTags
http://www.securityfocus.com/bid/14596vdb-entry, x_refsource_BID
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0600.htmlmailing-list, x_refsource_FULLDISC
http://online.securityfocus.com/archive/1/408493mailing-list, x_refsource_BUGTRAQ
http://comments.gmane.org/gmane.mail.mutt.devel/8379x_refsource_MISC
http://online.securityfocus.com/archive/1/408501mailing-list, x_refsource_BUGTRAQ
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0594.htmlmailing-list, x_refsource_FULLDISC
http://secunia.com/advisories/16485third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1014729vdb-entry, x_refsource_SECTRACK
Impacted products
VendorProduct
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:45:01.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "14596",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/14596"
          },
          {
            "name": "20050818 Re: mutt buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0600.html"
          },
          {
            "name": "20050818 mutt buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/408493"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://comments.gmane.org/gmane.mail.mutt.devel/8379"
          },
          {
            "name": "20050818 Re: mutt buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/408501"
          },
          {
            "name": "20050818 mutt buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0594.html"
          },
          {
            "name": "16485",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16485"
          },
          {
            "name": "1014729",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1014729"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-08-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-01-17T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "14596",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/14596"
        },
        {
          "name": "20050818 Re: mutt buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0600.html"
        },
        {
          "name": "20050818 mutt buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/408493"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://comments.gmane.org/gmane.mail.mutt.devel/8379"
        },
        {
          "name": "20050818 Re: mutt buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/408501"
        },
        {
          "name": "20050818 mutt buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0594.html"
        },
        {
          "name": "16485",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16485"
        },
        {
          "name": "1014729",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1014729"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-2642",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "14596",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/14596"
            },
            {
              "name": "20050818 Re: mutt buffer overflow",
              "refsource": "FULLDISC",
              "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0600.html"
            },
            {
              "name": "20050818 mutt buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/408493"
            },
            {
              "name": "http://comments.gmane.org/gmane.mail.mutt.devel/8379",
              "refsource": "MISC",
              "url": "http://comments.gmane.org/gmane.mail.mutt.devel/8379"
            },
            {
              "name": "20050818 Re: mutt buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/408501"
            },
            {
              "name": "20050818 mutt buffer overflow",
              "refsource": "FULLDISC",
              "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0594.html"
            },
            {
              "name": "16485",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16485"
            },
            {
              "name": "1014729",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1014729"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-2642",
    "datePublished": "2005-08-21T04:00:00",
    "dateReserved": "2005-08-21T00:00:00",
    "dateUpdated": "2024-08-07T22:45:01.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-2351
Vulnerability from cvelistv5
Published
2019-11-01 18:47
Modified
2024-08-07 22:22
Severity
Summary
Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.
References
URLTags
https://security-tracker.debian.org/tracker/CVE-2005-2351x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296x_refsource_MISC
Impacted products
VendorProduct
muttmutt
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:22:48.962Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2005-2351"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mutt",
          "vendor": "mutt",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.5.20-7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-01T18:47:18",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2005-2351"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2005-2351",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mutt",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.5.20-7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mutt"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2005-2351",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2005-2351"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2005-2351",
    "datePublished": "2019-11-01T18:47:18",
    "dateReserved": "2005-07-22T00:00:00",
    "dateUpdated": "2024-08-07T22:22:48.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

jvndb-2007-000295
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2009-08-06 11:39
Severity
() - -
Summary
APOP password recovery vulnerability
Details
POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol. It is reported that APOP passwords could be recovered by third parties. In its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.
References
TypeURL
JVN http://jvn.jp/cert/JVNTA07-151A/index.html
JVN http://jvn.jp/en/jp/JVN19445002/index.html
JVNTR http://jvn.jp/tr/TRTA07-151A/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
NVD http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558
CERT-SA http://www.us-cert.gov/cas/alerts/SA07-151A.html
CERT-TA http://www.us-cert.gov/cas/techalerts/TA07-151A.html
BID http://www.securityfocus.com/bid/23257
SECTRACK http://www.securitytracker.com/id?1018008
FRSIRT http://www.frsirt.com/english/advisories/2007/1466
FRSIRT http://www.frsirt.com/english/advisories/2007/1480
FRSIRT http://www.frsirt.com/english/advisories/2007/1468
FRSIRT http://www.frsirt.com/english/advisories/2007/1467
IETF http://www.ietf.org/rfc/rfc1939.txt
Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
VendorProduct
Claws MailClaws Mail
Fetchmail ProjectFetchmail
mozilla.org contributorsMozilla SeaMonkey
mozilla.org contributorsMozilla Thunderbird
MuttMutt
Red Hat, Inc.RHEL Optional Productivity Applications
SylpheedSylpheed
Hewlett-Packard Development Company,L.PHP-UX
Cybertrust Japan Co., Ltd.Asianux Server
Red Hat, Inc.Red Hat Enterprise Linux
Red Hat, Inc.Red Hat Enterprise Linux Desktop
Red Hat, Inc.Red Hat Enterprise Linux EUS
Red Hat, Inc.Red Hat Linux Advanced Workstation
Red Hat, Inc.RHEL Desktop Workstation
Turbolinux, Inc.Turbolinux
Turbolinux, Inc.Turbolinux Desktop
Turbolinux, Inc.Turbolinux FUJI
Turbolinux, Inc.Turbolinux Home
Turbolinux, Inc.Turbolinux Multimedia
Turbolinux, Inc.Turbolinux Personal
Turbolinux, Inc.Turbolinux Server
Turbolinux, Inc.wizpy
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
  "dc:date": "2009-08-06T11:39+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2009-08-06T11:39+09:00",
  "description": "POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.\r\n\r\nIt is reported that APOP passwords could be recovered by third parties.\r\n\r\nIn its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:claws_mail:claws_mail",
      "@product": "Claws Mail",
      "@vendor": "Claws Mail",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fetchmail:fetchmail",
      "@product": "Fetchmail",
      "@vendor": "Fetchmail Project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:mozilla:seamonkey",
      "@product": "Mozilla SeaMonkey",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:mozilla:thunderbird",
      "@product": "Mozilla Thunderbird",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:mutt:mutt",
      "@product": "Mutt",
      "@vendor": "Mutt",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_optional_productivity_applications",
      "@product": "RHEL Optional Productivity Applications",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sylpheed:sylpheed",
      "@product": "Sylpheed",
      "@vendor": "Sylpheed",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_eus",
      "@product": "Red Hat Enterprise Linux EUS",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux",
      "@product": "Turbolinux",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_desktop",
      "@product": "Turbolinux Desktop",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_home",
      "@product": "Turbolinux Home",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
      "@product": "Turbolinux Multimedia",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_personal",
      "@product": "Turbolinux Personal",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_wizpy",
      "@product": "wizpy",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000295",
  "sec:references": [
    {
      "#text": "http://jvn.jp/cert/JVNTA07-151A/index.html",
      "@id": "JVNTA07-151A",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/en/jp/JVN19445002/index.html",
      "@id": "JVN#19445002",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/tr/TRTA07-151A/index.html",
      "@id": "TRTA07-151A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558",
      "@id": "CVE-2007-1558",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558",
      "@id": "CVE-2007-1558",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA07-151A.html",
      "@id": "SA07-151A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html",
      "@id": "TA07-151A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/23257",
      "@id": "23257",
      "@source": "BID"
    },
    {
      "#text": "http://www.securitytracker.com/id?1018008",
      "@id": "1018008",
      "@source": "SECTRACK"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/1466",
      "@id": "FrSIRT/ADV-2007-1466",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/1480",
      "@id": "FrSIRT/ADV-2007-1480",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/1468",
      "@id": "FrSIRT/ADV-2007-1468",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/1467",
      "@id": "FrSIRT/ADV-2007-1467",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://www.ietf.org/rfc/rfc1939.txt",
      "@id": "RFC1939:Post Office Protocol - Version 3",
      "@source": "IETF"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "APOP password recovery vulnerability"
}