SB2018072433 - Improper input validation in mutt (Alpine package)
Published: July 24, 2018
Security Bulletin ID
SB2018072433
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2018-14351)
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.
The vulnerability exists because imap/command.c mishandles a long IMAP status mailbox literal count size. A remote attacker can supply specially crafted input and cause the service to crash.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0d3886cdea880fe65aff164040ab54f9e2d5ee93
- https://git.alpinelinux.org/aports/commit/?id=7b76ef5a44a34f2aa0ab6dcbd05653a7f384d5cd
- https://git.alpinelinux.org/aports/commit/?id=8096bf545fbce05d5535cb01173187a08a4e7f14
- https://git.alpinelinux.org/aports/commit/?id=e16a7290cad51651c51b16468159e0bb5a11f234