![]() NeoMutt report: Description CVE-2018-14349 Mutt/neomutt - multiple vulnerabilities neomutt 20180716 mutt 1.10.1 mutt14 * + arbitrary code (for $imap_check_subscribed).įixes POP body caching path traversal vulnerability.įixes IMAP header caching path traversal vulnerability.ĬVE-2018-14349 - NO Response Heap OverflowĬVE-2018-14350 - INTERNALDATE Stack OverflowĬVE-2018-14351 - STATUS Literal Length relative writeĬVE-2018-14352 - imap_quote_string off-by-one stack overflowĬVE-2018-14353 - imap_quote_string int underflowĬVE-2018-14354 - imap_subscribe Remote Code ExecutionĬVE-2018-14355 - STATUS mailbox header cache directory traversalĬVE-2018-14356 - POP empty UID NULL derefĬVE-2018-14357 - LSUB Remote Code ExecutionĬVE-2018-14358 - RFC822.SIZE Stack OverflowĬVE-2018-14359 - base64 decode Stack OverflowĬVE-2018-14362 - POP Message Cache Directory Traversal This would allow a malicious IMAP server to execute + However, it was not escaping "`", which executes code and inserts ![]() + "mailboxes" command and sending that along to the muttrc parser. + to an IMAP mailbox, either via $imap_check_subscribed, or via the Fixes a remote code injection vulnerability when "subscribing"
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |