CVE-2003-0140Improper Restriction of Operations within the Bounds of a Memory Buffer in Balsa

11 documents7 sources
Severity
7.5HIGHNVD
EPSS
2.2%
top 15.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Gnome BalsaMuttDebian Balsa+1 more
Timeline
PublishedMar 24
Latest updateApr 29

Description

Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

debiandebian/mutt< mutt 1.5.4-1 (bookworm)+1
Debianmutt/mutt< 1.4.0+7
NVDmutt/mutt11 versions+10
debiandebian/balsa< balsa 2.0.10 (bookworm)
Debiangnome/balsa< 2.0.10+3

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

4
GHSA
GHSA-qj3j-m7h3-hrhc: Buffer overflow in Mutt 12022-04-29
GHSA
GHSA-v7m5-jjhm-hp24: Multiple off-by-one buffer overflows in the IMAP capability for Mutt 12022-04-29
OSV
CVE-2003-0167: Multiple off-by-one buffer overflows in the IMAP capability for Mutt 12003-04-02
OSV
CVE-2003-0140: Buffer overflow in Mutt 12003-03-24

💥Exploits & PoCs

1
Exploit-DB
McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities2014-04-28

📋Vendor Advisories

3
Red Hat
security flaw2003-03-20
Debian
CVE-2003-0140: mutt - Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, ...2003
Debian
CVE-2003-0167: balsa - Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and ...2003

💬Community

1
Bugzilla
CVE-2003-0140 security flaw2018-08-16