CVE-2018-14355

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mutt versions prior to 1.10.1 NeoMutt versions prior to 2018-07-16

Description The issue is related to errors in handling references to the ".." directory in mailbox names in the imap/util.c component of Mutt and NeoMutt email clients. This can allow a remote attacker to gain unauthorized access to information.

Recommendations For Mutt versions prior to 1.10.1, update to version 1.10.1 or later. For NeoMutt versions prior to 2018-07-16, update to a version released after 2018-07-16. As a temporary workaround, consider restricting access to the imap/util.c component until a patch is available.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2018-2247

ALT-PU-2018-2274

BDU:2019-04312

CESA-2020_1126

CVE-2018-14355

DLA-1455-1

DSA-4277-1

MGASA-2018-0447

OPENSUSE-SU-2018_2212-1

OPENSUSE-SU-2019_0052-1

OPENSUSE-SU-2024:11069-1

OPENSUSE-SU-2024:11079-1

RHSA-2020:1126

RHSA-2020_1126

SUSE-SU-2018:2084-1

SUSE-SU-2018:2085-1

SUSE-SU-2018:2403-1

SUSE-SU-2019:1196-1

USN-3719-1

USN-3719-2

USN-3719-3

USN-7204-1

Affected Products

Alt Linux

Centos

Linuxmint

Mutt

Neomutt

Red Hat

Suse

Ubuntu

CVE-2018-14355

Weakness Enumeration

Related Identifiers

Affected Products

References · 110