PT-2018-3306 · Neomutt+4 · Neomutt+4

Jeriko-One

Publicado

2018-07-07

Atualizado

2025-01-15

CVE-2018-14361

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions NeoMutt versions prior to 2018-07-16

Description The issue is related to errors in handling input data in the nntp.c file of the NeoMutt email client. It may allow a remote attacker to execute arbitrary code if the vulnerability is exploited. The problem arises when memory allocation fails for messages data, but the process continues nonetheless.

Recommendations For versions prior to 2018-07-16, update to a version released after 2018-07-16 to resolve the issue. As a temporary workaround, consider restricting access to the nntp.c file or disabling its functionality until a patch is available.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2018-2247

ALT-PU-2018-2274

BDU:2019-04580

CVE-2018-14361

DLA-1455-1

DSA-4277-1

MGASA-2018-0447

OPENSUSE-SU-2018_2212-1

OPENSUSE-SU-2019_0052-1

OPENSUSE-SU-2024:11069-1

OPENSUSE-SU-2024:11079-1

SUSE-SU-2018:2084-1

SUSE-SU-2018:2085-1

SUSE-SU-2019:1196-1

USN-7204-1

Produtos afetados

Alt Linux

Linuxmint

Neomutt

Suse

Ubuntu

PT-2018-3306 · Neomutt+4 · Neomutt+4

CVE-2018-14361

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 94