9.8

CVE-2018-14354

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MuttMutt Version < 1.10.1
NeomuttNeomutt Version < 20180716
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.23% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://www.mutt.org/news.html
Vendor Advisory
Release Notes
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html
Third Party Advisory
Mailing List
https://neomutt.org/2018/07/16/release
Vendor Advisory
Release Notes
https://security.gentoo.org/glsa/201810-07
Third Party Advisory
https://usn.ubuntu.com/3719-3/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4277
Third Party Advisory
https://usn.ubuntu.com/3719-1/
Third Party Advisory
https://usn.ubuntu.com/3719-2/
Third Party Advisory
http://www.securityfocus.com/bid/104925
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2526
Third Party Advisory
https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb
Patch
Third Party Advisory
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
Patch
Third Party Advisory