9.8
CVE-2018-14349
- EPSS 3.17%
- Veröffentlicht 17.07.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:48:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.17% | 0.863 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.mutt.org/news.html
https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html
https://neomutt.org/2018/07/16/release
https://security.gentoo.org/glsa/201810-07
https://usn.ubuntu.com/3719-3/
https://www.debian.org/security/2018/dsa-4277