// For flags

CVE-2014-9116

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

La función write_one_header en mutt 1.5.23 no maneja correctamente los caracteres de línea nueva al inicio de una cabecera, lo que permite a atacantes remotos causar una denegación de servicio (caída) a través de una cabecera con el cuerpo vacío, lo que provoca un desbordamiento de buffer basado en memoria dinámica en la función mutt_substrdup.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-11-26 CVE Reserved
  • 2014-12-01 CVE Published
  • 2024-07-14 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Suse
Search vendor "Suse"
Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
12
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"
-
Affected
Suse
Search vendor "Suse"
Suse Linux Enterprise Server
Search vendor "Suse" for product "Suse Linux Enterprise Server"
12
Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "12"
-
Affected
Mutt
Search vendor "Mutt"
Mutt
Search vendor "Mutt" for product "Mutt"
1.5.23
Search vendor "Mutt" for product "Mutt" and version "1.5.23"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Mageia
Search vendor "Mageia"
Mageia
Search vendor "Mageia" for product "Mageia"
4.0
Search vendor "Mageia" for product "Mageia" and version "4.0"
-
Affected