CVE-2022-1328 — Classic Buffer Overflow in Mutt

CWE-120 — Classic Buffer Overflow11 documents8 sources

Severity

5.3MEDIUMNVD

CNA4.3OSV9.8OSV9.1

EPSS

0.2%

top 55.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mutt Neomutt Debian Linux +1 more

Timeline

PublishedApr 14

Latest updateJan 15

Description

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶NVDmutt/mutt0.94.13 — 2.2.3

▶Debianmutt/mutt< 2.0.5-4.1+deb11u1+3

▶Ubuntumutt/mutt< 1.9.4-3ubuntu0.6+3

▶Debianneomutt/neomutt< 20220429+dfsg1-1+2

▶Ubuntuneomutt/neomutt< 20171215+dfsg.1-1ubuntu0.1~esm1+3

Also affects: Debian Linux 9.0, Fedora 36

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

OSV

neomutt vulnerabilities↗2025-01-15

▶

OSV

mutt vulnerabilities↗2022-04-28

▶

GHSA

GHSA-qfrq-pp74-gpff: Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0↗2022-04-15

▶

CVEList

CVE-2022-1328: Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0↗2022-04-14

▶

OSV

CVE-2022-1328: Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0↗2022-04-14

▶

📋Vendor Advisories

Ubuntu

NeoMutt vulnerabilities↗2025-01-15

▶

Ubuntu

Mutt vulnerabilities↗2022-04-28

▶

Red Hat

mutt: buffer overflow in uudecoder function↗2022-04-14

▶

Microsoft

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line↗2022-04-12

▶

Debian

CVE-2022-1328: mutt - Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.1...↗2022

▶