PT-2020-22783 · Redis+3 · Hiredis+3
Published: 2020-01-05 · Updated: 2020-07-10
CVE-2019-XXXX
None
No severity ratings or metrics are available. When they become available, we will update the corresponding information on this page.
Name of the Vulnerable Software and Affected Versions:
hiredis versions 0.14.0 and earlier
MediaWiki versions prior to 1.31.8
mutt (affected versions not specified)
cyrus-sasl (affected versions not specified)
Description:
The issue involves several software packages, including hiredis, MediaWiki, mutt, and cyrus-sasl. In hiredis, there is a NULL pointer dereference due to unchecked malloc return values in async.c and dict.c. For MediaWiki, private wikis may have had their files cached publicly due to mishandled Cache-Control and Vary headers. The mutt package has an issue with the invalid format of an RFC parameter passed to the atoi() function, potentially leading to unexpected behavior. Lastly, cyrus-sasl has an out-of-bounds write vulnerability in the _sasl_add_string() function, which can cause denial-of-service conditions.
Recommendations:
For hiredis versions 0.14.0 and earlier, update to a version later than 0.14.0 to resolve the NULL pointer dereference issue.
For MediaWiki versions prior to 1.31.8, update to version 1.31.8 or later to fix the issue with mishandled Cache-Control and Vary headers.
For mutt, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For cyrus-sasl, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected products
Mediawiki
Cyrus-Sasl
Hiredis
Mutt