CVE-2014-9116
Published: 2 December 2014
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
Notes
Author | Note |
---|---|
sbeattie | patches that updated SKIP_WSP ended up introducing regressions when displaying headers |
Priority
Status
Package | Release | Status |
---|---|---|
mutt Launchpad, Ubuntu, Debian |
lucid |
Released
(1.5.20-7ubuntu1.3)
|
precise |
Released
(1.5.21-5ubuntu2.2)
|
|
trusty |
Released
(1.5.21-6.4ubuntu2.1)
|
|
upstream |
Needed
|
|
utopic |
Released
(1.5.23-1.1ubuntu0.2)
|
|
Patches: upstream: http://dev.mutt.org/trac/attachment/ticket/3716/ticket-3716-stable.patch |