CVE-2018-14356
https://notcve.org/view.php?id=CVE-2018-14356
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. pop.c gestiona de manera incorrecta un UID de longitud cero. • http://www.mutt.org/news.html https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82 https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6 https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-3 https://www.debian.org/security/2018/dsa-4277 • CWE-824: Access of Uninitialized Pointer •
CVE-2018-14354 – mutt: Remote code injection vulnerability to an IMAP mailbox
https://notcve.org/view.php?id=CVE-2018-14354
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. Permiten que los servidores IMAP remotos ejecuten comandos arbitrarios mediante caracteres de acento grave; esto esto está relacionado con el comando mailboxes asociado con una suscripción o una baja manuales. • http://www.mutt.org/news.html http://www.securityfocus.com/bid/104925 https://access.redhat.com/errata/RHSA-2018:2526 https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-1 https://usn.ubuntu.com/3719-2 h • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-14357 – mutt: Remote Code Execution via backquote characters
https://notcve.org/view.php?id=CVE-2018-14357
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. Permiten que los servidores IMAP remotos ejecuten comandos arbitrarios mediante caracteres de acento grave; esto está relacionado con el comando mailboxes asociado con una suscripción automática. • http://www.mutt.org/news.html https://access.redhat.com/errata/RHSA-2018:2526 https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725 https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-1 https://usn.ubuntu.com/3719-3 https://www.debian.org/security/2018/dsa • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-14353
https://notcve.org/view.php?id=CVE-2018-14353
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. imap_quote_string en imap/util.c tiene un subdesbordamiento de búfer. • http://www.mutt.org/news.html https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23 https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-1 https://usn.ubuntu.com/3719-3 https://www.debian.org/security/2018/dsa-4277 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2018-14358
https://notcve.org/view.php?id=CVE-2018-14358
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. imap/message.c tiene un desbordamiento de búfer basado en pila para una respuesta FETCH con un campo RFC822.SIZE largo. • http://www.mutt.org/news.html https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485 https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870 https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-1 https://usn.ubuntu.com/3719-3 https://www.debian.org/security/2018/dsa-4277 • CWE-787: Out-of-bounds Write •