[v3.1] mutt: heap-based buffer overflow in mutt_substrdup (CVE-2014-9116)
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
References:
http://seclists.org/oss-sec/2014/q4/835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116
CONFIRM: http://dev.mutt.org/trac/ticket/3716
PATCH: http://dev.mutt.org/trac/attachment/ticket/3716/ticket-3716-stable-revised.patch
(from redmine: issue id 3770, created on 2015-01-27, closed on 2017-05-17)
- Relations:
  - parent #3766
- Changesets:
  - Revision 1e5e7cc1 by Natanael Copa on 2015-01-27T11:56:34Z:
    main/mutt: security fix for CVE-2014-9116
    ref #3766
    fixes #3770
    (cherry picked from commit 65306a18e2d26e3724f00b5856166a87ebf4439e)