Your submission was sent successfully! Close

CVE-2018-14362

Published: 17 July 2018

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
mutt
Launchpad, Ubuntu, Debian
Upstream
Released (1.10.1)
Ubuntu 21.10 (Impish Indri)
Released (1.10.1-1)
Ubuntu 21.04 (Hirsute Hippo)
Released (1.10.1-1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (1.10.1-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.9.4-3ubuntu0.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.5.24-1ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.5.21-6.4ubuntu2.2])
Patches:
Other: https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
neomutt
Launchpad, Ubuntu, Debian
Upstream
Released (20180716+dfsg.1-1)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(20180716+dfsg.1-1.2)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(20180716+dfsg.1-1.2)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(20180716+dfsg.1-1.2)
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist