AVG-740 log

Package neomutt
Status Fixed
Severity High
Type multiple issues
Affected 20180622-2
Fixed 20180716-1
Current 20241212-1 [extra]
Ticket None
Created Fri Jul 20 21:50:36 2018
Issue Severity Remote Type Description
CVE-2018-14363 Medium Yes Directory traversal
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames.
CVE-2018-14362 Medium Yes Directory traversal
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with...
CVE-2018-14361 Medium Yes Denial of service
An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.
CVE-2018-14360 Medium Yes Arbitrary code execution
An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.
CVE-2018-14359 High Yes Arbitrary code execution
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.
CVE-2018-14358 Medium Yes Arbitrary code execution
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a...
CVE-2018-14357 High Yes Arbitrary command execution
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote...
CVE-2018-14356 Medium Yes Insufficient validation
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.F
CVE-2018-14355 Medium Yes Directory traversal
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.
CVE-2018-14354 Medium Yes Arbitrary command execution
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote...
CVE-2018-14353 Medium Yes Denial of service
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.
CVE-2018-14352 Medium Yes Denial of service
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters,...
CVE-2018-14351 Medium Yes Denial of service
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.
CVE-2018-14350 Medium Yes Denial of service
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a...
CVE-2018-14349 Medium Yes Incorrect calculation
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.