Vulnerability Details : CVE-2018-14361
An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.
Vulnerability category: Input validation
Products affected by CVE-2018-14361
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-14361
0.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-14361
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-14361
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-14361
-
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html
[SECURITY] [DLA 1455-1] mutt security updateMailing List;Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4277
Debian -- Security Information -- DSA-4277-1 muttThird Party Advisory
-
https://neomutt.org/2018/07/16/release
Release 2018-07-16 - NeoMuttRelease Notes;Vendor Advisory
-
https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585
Add alloc fail check in nntp_fetch_headers · neomutt/neomutt@9e927af · GitHubPatch;Third Party Advisory
Jump to