CVE-2018-14351
https://notcve.org/view.php?id=CVE-2018-14351
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. imap/command.c gestiona de manera incorrecta un tamaño de conteo literal IMAP de status mailbox. • http://www.mutt.org/news.html https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741 https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1 https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-3 https://www.debian.org/security/2018/dsa-4277 • CWE-20: Improper Input Validation •
CVE-2018-14362 – mutt: POP body caching path traversal vulnerability
https://notcve.org/view.php?id=CVE-2018-14362
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. pop.c no prohíbe los caracteres que podrían interactuar de forma insegura con los nombres de ruta message-cache, tal y como queda demostrado con un carácter "/". • http://www.mutt.org/news.html https://access.redhat.com/errata/RHSA-2018:2526 https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576 https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-3 https://www.debian.org/security/2018/dsa-4277 https://access.redhat.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-9116
https://notcve.org/view.php?id=CVE-2014-9116
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. La función write_one_header en mutt 1.5.23 no maneja correctamente los caracteres de línea nueva al inicio de una cabecera, lo que permite a atacantes remotos causar una denegación de servicio (caída) a través de una cabecera con el cuerpo vacío, lo que provoca un desbordamiento de buffer basado en memoria dinámica en la función mutt_substrdup. • http://advisories.mageia.org/MGASA-2014-0509.html http://dev.mutt.org/trac/ticket/3716 http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html http://www.debian.org/security/2014/dsa-3083 http://www.mandriva.com/security/advisories?name=MDVSA-2014:245 http://www.mandriva.com/security/advisories?name=MDVSA-2015:078 http://www.openwall.com/lists/oss-security/2014/11/27/5 http://www.openwall.com/lists/oss-security/2014/11/27/9 http://www.securityfocus& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0467 – mutt: heap-based buffer overflow when parsing certain headers
https://notcve.org/view.php?id=CVE-2014-0467
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Desbordamiento de buffer en copy.c en Mutt anterior a 1.5.23 permite a atacantes remotos causar una denegación de servicio (caída) a través de una línea de cabecera RFC2047 manipulada, relacionado con la expansión de dirección. • http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html http://rhn.redhat.com/errata/RHSA-2014-0304.html http://www.debian.org/security/2014/dsa-2874 http://www.mutt.org/doc/devel/ChangeLog http://www.securityfocus.com/bid/66165 http://www.securitytracker.com/id/1029919 http://www.ubuntu.com/usn/USN-2147-1 https://access • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2009-3766
https://notcve.org/view.php?id=CVE-2009-3766
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. En el archivo mutt_ssl.c en mutt versión 1.5.16 y otras versiones anteriores a 1.5.19, cuando es usado OpenSSL, no comprueba el nombre de dominio en el campo Common Name (CN) de un certificado X.509, que permite a los atacantes de tipo man-in-the-middle falsificar servidores SSL por medio de un certificado válido arbitrario. • http://dev.mutt.org/trac/ticket/3087 http://marc.info/?l=oss-security&m=125198917018936&w=2 http://www.openwall.com/lists/oss-security/2009/10/26/1 • CWE-310: Cryptographic Issues •