CVE-2018-14349Improper Input Validation in Mutt

CWE-20Improper Input ValidationCWE-122Heap-based Buffer OverflowCWE-89SQL Injection17 documents8 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 24.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
MuttNeomuttDebian Mutt+4 more
Timeline
PublishedJul 17
Latest updateJan 15

Description

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages9 packages

debiandebian/neomutt< mutt 1.10.1-1 (bookworm)
NVDneomutt/neomutt< 20180716
Debianneomutt/neomutt< 20180716+dfsg.1-1+3
Ubuntuneomutt/neomutt< 20171215+dfsg.1-1ubuntu0.1~esm1+3
NVDmutt/mutt< 1.10.1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 16.04

Patches

Patch: github.comPatch: gitlab.comPatch: github.com

🔴Vulnerability Details

5
OSV
neomutt vulnerabilities2025-01-15
GHSA
GHSA-8pq8-fvxj-2gx6: An issue was discovered in Mutt before 12022-05-13
OSV
mutt vulnerabilities2018-09-28
OSV
mutt vulnerabilities2018-07-23
OSV
CVE-2018-14349: An issue was discovered in Mutt before 12018-07-17

📋Vendor Advisories

8
Ubuntu
NeoMutt vulnerabilities2025-01-15
Red Hat
postgresql: Uncontrolled search path element in logical replication2020-08-13
Microsoft
It was found that PostgreSQL versions before 12.4 before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an2020-08-11
Ubuntu
Mutt vulnerabilities2018-09-28
Ubuntu
Mutt vulnerabilities2018-07-23

💬Community

3
Bugzilla
CVE-2020-14349 postgresql: Uncontrolled search path element in logical replication2020-08-04
Bugzilla
CVE-2018-14349 mutt: Heap Overflow in imap/command.c [fedora-all]2018-07-18
Bugzilla
CVE-2018-14349 mutt: Heap Overflow in imap/command.c2018-07-18