CVE-2018-14361Improper Input Validation in Neomutt

CWE-20Improper Input Validation7 documents6 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 41.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MuttNeomuttDebian Linux
Timeline
PublishedJul 17
Latest updateJan 15

Description

An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDneomutt/neomutt< 20180716
Debianneomutt/neomutt< 20180716+dfsg.1-1+3
Ubuntuneomutt/neomutt< 20171215+dfsg.1-1ubuntu0.1~esm1+3
Debianmutt/mutt< 1.9.1-1+3

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
neomutt vulnerabilities2025-01-15
GHSA
GHSA-g3r2-vqpx-9xhp: An issue was discovered in NeoMutt before 2018-07-162022-05-13
CVEList
CVE-2018-14361: An issue was discovered in NeoMutt before 2018-07-162018-07-17
OSV
CVE-2018-14361: An issue was discovered in NeoMutt before 2018-07-162018-07-17

📋Vendor Advisories

2
Ubuntu
NeoMutt vulnerabilities2025-01-15
Debian
CVE-2018-14361: mutt - An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if me...2018