CVE-2014-0467 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mutt

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.8%

top 17.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mutt Debian Mutt Opensuse

Timeline

PublishedMar 14

Latest updateMay 14

Description

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/mutt< mutt 1.5.22-2 (bookworm)

▶Debianmutt/mutt< 1.5.22-2+3

▶NVDmutt/mutt1.5.22+22

▶NVDopensuse/opensuse11.4, 12.3, 13.1+2

🔴Vulnerability Details

GHSA

GHSA-qw3h-r7wr-mxvx: Buffer overflow in copy↗2022-05-14

▶

OSV

CVE-2014-0467: Buffer overflow in copy↗2014-03-14

▶

📋Vendor Advisories

Ubuntu

Mutt vulnerability↗2014-03-13

▶

Debian

CVE-2014-0467: mutt - Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause...↗2014

▶

Red Hat

mutt: heap-based buffer overflow when parsing certain headers↗2013-05-18

▶

💬Community

Bugzilla

CVE-2014-0467 mutt: heap-based buffer overflow when parsing certain headers [fedora-all]↗2014-03-13

▶

Bugzilla

CVE-2014-0467 mutt: heap-based buffer overflow when parsing certain headers↗2014-03-13

▶