Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2683Improper Restriction of Operations within the Bounds of a Memory Buffer in Mutt

8 documents7 sources
Severity
3.5LOWNVD
EPSS
0.1%
top 66.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
MuttDebian Mutt
Timeline
PublishedMay 15
Latest updateMay 1

Description

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.5 | Impact: 6.4

Affected Packages3 packages

debiandebian/mutt< mutt 1.5.15+20070608-1 (bookworm)
Debianmutt/mutt< 1.5.15+20070608-1+3
NVDmutt/mutt1.4.2

🔴Vulnerability Details

2
GHSA
GHSA-c6h8-qr22-65qm: Buffer overflow in Mutt 12022-05-01
OSV
CVE-2007-2683: Buffer overflow in Mutt 12007-05-15

💥Exploits & PoCs

1
Exploit-DB
Mutt 1.4.2 - Mutt_Gecos_Name Function Local Buffer Overflow2007-05-28

📋Vendor Advisories

2
Red Hat
Buffer overflow in mutt's gecos structure handling2007-05-11
Debian
CVE-2007-2683: mutt - Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code ...2007

💬Community

2
Bugzilla
CVE-2006-5297 Multiple mutt tempfile race conditions2007-07-20
Bugzilla
CVE-2007-2683 Buffer overflow in mutt's gecos structure handling2007-05-11