CVE-2018-14354: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.

Affected

39 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	mutt	< mutt 1.10.1-1 (bookworm)	mutt 1.10.1-1 (bookworm)
debian	neomutt	< mutt 1.10.1-1 (bookworm)	mutt 1.10.1-1 (bookworm)
mutt	mutt	< 1.10.1	1.10.1
mutt	mutt	>= 0 < 1.10.1-1	1.10.1-1
mutt	mutt	>= 0 < 1.10.1-1	1.10.1-1
mutt	mutt	>= 0 < 1.10.1-1	1.10.1-1
mutt	mutt	>= 0 < 1.10.1-1	1.10.1-1
mutt	mutt	>= 0 < 1.5.21-6.4ubuntu2.2	1.5.21-6.4ubuntu2.2
mutt	mutt	>= 0 < 1.5.24-1ubuntu0.2	1.5.24-1ubuntu0.2
mutt	mutt	>= 0 < 1.5.24-1ubuntu0.1	1.5.24-1ubuntu0.1
mutt	mutt	>= 0 < 1.9.4-3ubuntu0.1	1.9.4-3ubuntu0.1
neomutt	neomutt	< 20180716	20180716
neomutt	neomutt	>= 0 < 20180716+dfsg.1-1	20180716+dfsg.1-1
neomutt	neomutt	>= 0 < 20180716+dfsg.1-1	20180716+dfsg.1-1
neomutt	neomutt	>= 0 < 20180716+dfsg.1-1	20180716+dfsg.1-1
neomutt	neomutt	>= 0 < 20180716+dfsg.1-1	20180716+dfsg.1-1
neomutt	neomutt	>= 0 < 20171215+dfsg.1-1ubuntu0.1~esm1	20171215+dfsg.1-1ubuntu0.1~esm1
neomutt	neomutt	>= 0 < 20191207+dfsg.1-1.1ubuntu0.1~esm1	20191207+dfsg.1-1.1ubuntu0.1~esm1
neomutt	neomutt	>= 0 < 20211029+dfsg1-1ubuntu0.1~esm1	20211029+dfsg1-1ubuntu0.1~esm1

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL