Vulnerability Details : CVE-2018-14349
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.
Vulnerability category: Input validation
Products affected by CVE-2018-14349
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-14349
0.58%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-14349
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-14349
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-14349
-
https://security.gentoo.org/glsa/201810-07
Mutt, NeoMutt: Multiple vulnerabilities (GLSA 201810-07) — Gentoo securityThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html
[SECURITY] [DLA 1455-1] mutt security updateMailing List;Third Party Advisory
-
http://www.mutt.org/news.html
Mutt NewsRelease Notes;Vendor Advisory
-
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
Handle NO response without message properly (9347b5c0) · Commits · Mutt Project / mutt · GitLabPatch;Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4277
Debian -- Security Information -- DSA-4277-1 muttThird Party Advisory
-
https://neomutt.org/2018/07/16/release
Release 2018-07-16 - NeoMuttRelease Notes;Vendor Advisory
-
https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1
Handle NO response without message properly · neomutt/neomutt@36a2928 · GitHubPatch;Third Party Advisory
-
https://usn.ubuntu.com/3719-3/
USN-3719-3: Mutt vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to