Vulnerability Details : CVE-2018-14361
An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2018-14361
Probability of exploitation activity in the next 30 days: 0.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-14361
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-14361
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-14361
-
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html
[SECURITY] [DLA 1455-1] mutt security updateMailing List;Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4277
Debian -- Security Information -- DSA-4277-1 muttThird Party Advisory
-
https://neomutt.org/2018/07/16/release
Release 2018-07-16 - NeoMuttRelease Notes;Vendor Advisory
-
https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585
Add alloc fail check in nntp_fetch_headers · neomutt/neomutt@9e927af · GitHubPatch;Third Party Advisory
Products affected by CVE-2018-14361
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*