5.3

CVE-2022-1328

Exploit
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MuttMutt Version >= 0.94.13 < 2.2.3
DebianDebian Linux Version9.0
FedoraprojectFedora Version36
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.71% 0.745
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
cve@gitlab.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json
Third Party Advisory
https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
Patch
Third Party Advisory
https://gitlab.com/muttmua/mutt/-/issues/404
Patch
Third Party Advisory
Exploit
Issue Tracking