PT-2018-3306 · Neomutt+4 · Neomutt+4

Jeriko-One

Published

2018-07-07

Updated

2025-01-15

CVE-2018-14361

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions NeoMutt versions prior to 2018-07-16

Description The issue is related to errors in handling input data in the nntp.c file of the NeoMutt email client. It may allow a remote attacker to execute arbitrary code if the vulnerability is exploited. The problem arises when memory allocation fails for messages data, but the process continues nonetheless.

Recommendations For versions prior to 2018-07-16, update to a version released after 2018-07-16 to resolve the issue. As a temporary workaround, consider restricting access to the nntp.c file or disabling its functionality until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2018-2247

ALT-PU-2018-2274

BDU:2019-04580

CVE-2018-14361

DLA-1455-1

DSA-4277-1

MGASA-2018-0447

OPENSUSE-SU-2018_2212-1

OPENSUSE-SU-2019_0052-1

OPENSUSE-SU-2024:11069-1

OPENSUSE-SU-2024:11079-1

SUSE-SU-2018:2084-1

SUSE-SU-2018:2085-1

SUSE-SU-2019:1196-1

USN-7204-1

Affected Products

Alt Linux

Linuxmint

Neomutt

Suse

Ubuntu

PT-2018-3306 · Neomutt+4 · Neomutt+4

CVE-2018-14361

Weakness Enumeration

Related Identifiers

Affected Products

References · 94