FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
29b13a34-b1d2-11ea-a11c-4437e6ad11c4Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP

mutt 1.14.4 updates:

CVE-2020-14954 - Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP


Discovery 2020-06-16
Entry 2020-06-24
mutt
le 1.14.3

CVE-2020-14954
https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
387bbade-5d1d-11eb-bf20-4437e6ad11c4mutt -- denial of service

Tavis Ormandy reports:

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.


Discovery 2021-01-17
Entry 2021-01-23
mutt
< 2.0.5

https://gitlab.com/muttmua/mutt/-/issues/323
CVE-2021-3181
5b397852-b1d0-11ea-a11c-4437e6ad11c4IMAP fcc/postpone machine-in-the-middle attack

mutt 1.14.3 updates:

CVE-2020-14093 - IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.


Discovery 2020-06-14
Entry 2020-06-24
mutt
le 1.14.2

https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
CVE-2020-14093
67c05283-5d62-11d8-80e3-0020ed76ef5aBuffer overflow in Mutt 1.4

Mutt 1.4 contains a buffer overflow that could be exploited with a specially formed message, causing Mutt to crash or possibly execute arbitrary code.


Discovery 2004-02-11
Entry 2004-02-12
mutt
ja-mutt
ge 1.4 lt 1.4.2

CVE-2004-0078
http://www.mutt.org/news.html
6eb9cf14-bab0-11ec-8f59-4437e6ad11c4mutt -- mutt_decode_uuencoded() can read past the of the input line

Tavis Ormandy reports:

mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys


Discovery 2022-04-04
Entry 2022-04-12
mutt
< 2.2.3

CVE-2022-1328
https://gitlab.com/muttmua/mutt/-/issues/404
863f95d3-3df1-11dc-b3d3-0016179b2dd5mutt -- buffer overflow vulnerability

Securityfocus reports:

Mutt is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. An attacker can exploit this issue to execute arbitrary code with the with the privileges of the victim. Failed exploit attempts will result in a denial of service.


Discovery 2007-05-28
Entry 2007-07-29
mutt
mutt-lite
ja-mutt
zh-mutt
< 1.4.2.3

24192
CVE-2007-2683
http://www.redhat.com/support/errata/RHSA-2007-0386.html
a2f35081-8a02-11e8-8fa5-4437e6ad11c4mutt -- remote code injection and path traversal vulnerability

Kevin J. McCarthy reports:

Fixes a remote code injection vulnerability when "subscribing" to an IMAP mailbox, either via $imap_check_subscribed, or via the function in the browser menu. Mutt was generating a "mailboxes" command and sending that along to the muttrc parser. However, it was not escaping "`", which executes code and inserts the result. This would allow a malicious IMAP server to execute arbitrary code (for $imap_check_subscribed).

Fixes POP body caching path traversal vulnerability.

Fixes IMAP header caching path traversal vulnerability.

CVE-2018-14349 - NO Response Heap Overflow

CVE-2018-14350 - INTERNALDATE Stack Overflow

CVE-2018-14351 - STATUS Literal Length relative write

CVE-2018-14352 - imap_quote_string off-by-one stack overflow

CVE-2018-14353 - imap_quote_string int underflow

CVE-2018-14354 - imap_subscribe Remote Code Execution

CVE-2018-14355 - STATUS mailbox header cache directory traversal

CVE-2018-14356 - POP empty UID NULL deref

CVE-2018-14357 - LSUB Remote Code Execution

CVE-2018-14358 - RFC822.SIZE Stack Overflow

CVE-2018-14359 - base64 decode Stack Overflow

CVE-2018-14362 - POP Message Cache Directory Traversal


Discovery 2018-07-15
Entry 2018-07-17
mutt
< 1.10.1

CVE-2018-14349
CVE-2018-14350
CVE-2018-14351
CVE-2018-14352
CVE-2018-14353
CVE-2018-14354
CVE-2018-14355
CVE-2018-14356
CVE-2018-14357
CVE-2018-14358
CVE-2018-14359
CVE-2018-14362
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html
c3d43001-8064-11e4-801f-0022156e8794mutt -- denial of service via crafted mail message

NVD reports:

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.


Discovery 2014-11-26
Entry 2014-12-23
mutt
ge 1.5.22 lt 1.5.23_7

ja-mutt
ge 1.5.22 lt 1.5.23_7

zh-mutt
ge 1.5.22 lt 1.5.23_7

71334
CVE-2014-9116
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125
http://dev.mutt.org/trac/ticket/3716
d2a43243-087b-11db-bc36-0008743bf21amutt -- Remote Buffer Overflow Vulnerability

SecurityFocus reports:

Mutt is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.


Discovery 2006-06-26
Entry 2006-06-30
mutt
mutt-lite
le 1.4.2.1_2

mutt-devel
mutt-devel-lite
le 1.5.11_2

ja-mutt
le 1.4.2.1.j1

zh-mutt-devel
le 1.5.11_20040617

ja-mutt-devel
le 1.5.6.j1_2

mutt-ng
le 20060501

18642
http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540
dc132c91-2b71-11eb-8cfd-4437e6ad11c4mutt -- authentication credentials being sent over an unencrypted connection

Kevin J. McCarthy reports:

Mutt had incorrect error handling when initially connecting to an IMAP server, which could result in an attempt to authenticate without enabling TLS.


Discovery 2020-11-20
Entry 2020-11-20
mutt
< 2.0.2

CVE-2020-28896
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
eb426e82-ab68-11e3-9d09-000c2980a9f3mutt -- denial of service, potential remote code execution

Beatrice Torracca and Evgeni Golov report:

A buffer overflow has been discovered that could result in denial of service or potential execution of arbitrary code.

This condition can be triggered by malformed RFC2047 header lines


Discovery 2014-03-12
Entry 2014-03-14
mutt
< 1.5.23

CVE-2014-0467
http://packetstormsecurity.com/files/cve/CVE-2014-0467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467
fe12ef83-8b47-11e8-96cc-001a4a7ec6bemutt/neomutt -- multiple vulnerabilities

NeoMutt report:

Description

CVE-2018-14349

NO Response Heap Overflow

CVE-2018-14350

INTERNALDATE Stack Overflow

CVE-2018-14351

STATUS Literal Length relative write

CVE-2018-14352

imap_quote_string off-by-one stack overflow

CVE-2018-14353

imap_quote_string int underflow

CVE-2018-14354

imap_subscribe Remote Code Execution

CVE-2018-14355

STATUS mailbox header cache directory traversal

CVE-2018-14356

POP empty UID NULL deref

CVE-2018-14357

LSUB Remote Code Execution

CVE-2018-14358

RFC822.SIZE Stack Overflow

CVE-2018-14359

base64 decode Stack Overflow

CVE-2018-14360

NNTP Group Stack Overflow

CVE-2018-14361

NNTP Write 1 where via GROUP response

CVE-2018-14362

POP Message Cache Directory Traversal

CVE-2018-14363

NNTP Header Cache Directory Traversal


Discovery 2018-07-10
Entry 2018-07-19
neomutt
< 20180716

mutt
< 1.10.1

mutt14
< *

CVE-2018-14349
CVE-2018-14350
CVE-2018-14351
CVE-2018-14352
CVE-2018-14353
CVE-2018-14354
CVE-2018-14355
CVE-2018-14356
CVE-2018-14357
CVE-2018-14358
CVE-2018-14359
CVE-2018-14360
CVE-2018-14361
CVE-2018-14362
CVE-2018-14363
https://github.com/neomutt/neomutt/releases/tag/neomutt-20180716