CVE-2018-14357: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.

Affected

38 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	mutt	< mutt 1.10.1-1 (bookworm)	mutt 1.10.1-1 (bookworm)
debian	neomutt	< mutt 1.10.1-1 (bookworm)	mutt 1.10.1-1 (bookworm)
mutt	mutt	< 1.10.1	1.10.1
mutt	mutt	>= 0 < 1.10.1-1	1.10.1-1
mutt	mutt	>= 0 < 1.10.1-1	1.10.1-1
mutt	mutt	>= 0 < 1.10.1-1	1.10.1-1
mutt	mutt	>= 0 < 1.10.1-1	1.10.1-1
mutt	mutt	>= 0 < 1.5.21-6.4ubuntu2.2	1.5.21-6.4ubuntu2.2
mutt	mutt	>= 0 < 1.5.24-1ubuntu0.2	1.5.24-1ubuntu0.2
mutt	mutt	>= 0 < 1.5.24-1ubuntu0.1	1.5.24-1ubuntu0.1
mutt	mutt	>= 0 < 1.9.4-3ubuntu0.1	1.9.4-3ubuntu0.1
neomutt	neomutt	< 20180716	20180716
neomutt	neomutt	>= 0 < 20180716+dfsg.1-1	20180716+dfsg.1-1
neomutt	neomutt	>= 0 < 20180716+dfsg.1-1	20180716+dfsg.1-1
neomutt	neomutt	>= 0 < 20180716+dfsg.1-1	20180716+dfsg.1-1
neomutt	neomutt	>= 0 < 20180716+dfsg.1-1	20180716+dfsg.1-1
neomutt	neomutt	>= 0 < 20171215+dfsg.1-1ubuntu0.1~esm1	20171215+dfsg.1-1ubuntu0.1~esm1
neomutt	neomutt	>= 0 < 20191207+dfsg.1-1.1ubuntu0.1~esm1	20191207+dfsg.1-1.1ubuntu0.1~esm1
neomutt	neomutt	>= 0 < 20211029+dfsg1-1ubuntu0.1~esm1	20211029+dfsg1-1ubuntu0.1~esm1
neomutt	neomutt	>= 0 < 20231103+dfsg1-1ubuntu0.1~esm1	20231103+dfsg1-1ubuntu0.1~esm1

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL