Project

General

Profile

Bug #9129

Bug #9127: mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)

[3.8] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)

Added by Alicha CH 6 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
07/24/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-14349: Heap Overflow in imap/command.c

Fixed In Version:

mutt 1.10.1

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-14349

Patches:

https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416

CVE-2018-14350: stack-based buffer overflow in imap/message.c

Fixed In Version:

mutt 1.10.1

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-14349

Patch:

https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870

CVE-2018-14351: IMAP status mailbox literal mishandled in imap/command.c

Fixed In Version:

mutt 1.10.1

References:

http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14351

Patch:

https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1

CVE-2018-14352: stack-based buffer overflow in imap/util.c

Fixed In Version:

mutt 1.10.1

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-14352

Patch:

https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d

CVE-2018-14353: integer underflow in imap/util.c

Fixed In Version:

mutt 1.10.1

References:

http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14353

Patch:

https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d

CVE-2018-14354: Remote code injection vulnerability to an IMAP mailbox

Fixed In Version:

mutt 1.10.1

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-14354

Patch:

https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d

CVE-2018-14355: IMAP header caching path traversal vulnerability

Fixed In Version:

mutt 1.10.1

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-14355

Patch:

https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d

CVE-2018-14356: mishandles a zero-length UID in pop.c

Fixed In Version:

mutt 1.10.1

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-14356

Patch:

https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6

CVE-2018-14357: Remote Code Execution via backquote characters

Fixed In Version:

mutt 1.10.1

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-14357

Patch:

https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d

CVE-2018-14358: stack-based buffer overflow in imap/message.c

Fixed In Version:

mutt 1.10.1

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-14358

Patch:

https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870

CVE-2018-14359: buffer overflow via base64 data

Fixed In Version:

mutt 1.10.1

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-14359

Patch:

https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a

CVE-2018-14362: POP body caching path traversal vulnerability

Fixed In Version:

mutt 1.10.1

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-14362

Patch:

https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576


Related issues

Copied from Alpine Linux - Bug #9127: mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)Closed2018-07-24

Associated revisions

Revision 0d3886cd (diff)
Added by Natanael Copa 6 months ago

main/mutt: security upgrade to 1.10.1

CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352,
CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356,
CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362

fixes #9129

History

#1 Updated by Alicha CH 6 months ago

  • Copied from Bug #9127: mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362) added

#2 Updated by Natanael Copa 6 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 6 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)

Also available in: Atom PDF