cbcvebase.
CVE-2018-14362
published 2018-07-17

CVE-2018-14362: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.

Affected

36 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debianmutt< mutt 1.10.1-1 (bookworm)mutt 1.10.1-1 (bookworm)
debianneomutt< mutt 1.10.1-1 (bookworm)mutt 1.10.1-1 (bookworm)
muttmutt< 1.10.11.10.1
muttmutt>= 0 < 1.10.1-11.10.1-1
muttmutt>= 0 < 1.10.1-11.10.1-1
muttmutt>= 0 < 1.10.1-11.10.1-1
muttmutt>= 0 < 1.10.1-11.10.1-1
muttmutt>= 0 < 1.5.21-6.4ubuntu2.21.5.21-6.4ubuntu2.2
muttmutt>= 0 < 1.5.24-1ubuntu0.21.5.24-1ubuntu0.2
muttmutt>= 0 < 1.5.24-1ubuntu0.11.5.24-1ubuntu0.1
muttmutt>= 0 < 1.9.4-3ubuntu0.11.9.4-3ubuntu0.1
neomuttneomutt< 2018071620180716
neomuttneomutt>= 0 < 20180716+dfsg.1-120180716+dfsg.1-1
neomuttneomutt>= 0 < 20180716+dfsg.1-120180716+dfsg.1-1
neomuttneomutt>= 0 < 20180716+dfsg.1-120180716+dfsg.1-1
neomuttneomutt>= 0 < 20180716+dfsg.1-120180716+dfsg.1-1
neomuttneomutt>= 0 < 20171215+dfsg.1-1ubuntu0.1~esm120171215+dfsg.1-1ubuntu0.1~esm1
neomuttneomutt>= 0 < 20191207+dfsg.1-1.1ubuntu0.1~esm120191207+dfsg.1-1.1ubuntu0.1~esm1
neomuttneomutt>= 0 < 20211029+dfsg1-1ubuntu0.1~esm120211029+dfsg1-1ubuntu0.1~esm1
neomuttneomutt>= 0 < 20231103+dfsg1-1ubuntu0.1~esm120231103+dfsg1-1ubuntu0.1~esm1
redhatenterprise_linux_desktop
redhatenterprise_linux_desktop

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL