Stack-based buffer overflow in mutt (Alpine package)



Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-14358
CWE-ID CWE-121
Exploitation vector Network
Public exploit N/A
Vulnerable software
 mutt (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Stack-based buffer overflow

EUVDB-ID: #VU14144

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-14358

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to stack-based buffer overflow in imap/message.c. A remote attacker can use FETCH response with a long RFC822.SIZE field, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

mutt (Alpine package): 1.5.21-r0 - 1.10.0-r0

CPE2.3 External links

https://git.alpinelinux.org/aports/commit/?id=0d3886cdea880fe65aff164040ab54f9e2d5ee93
https://git.alpinelinux.org/aports/commit/?id=7b76ef5a44a34f2aa0ab6dcbd05653a7f384d5cd
https://git.alpinelinux.org/aports/commit/?id=8096bf545fbce05d5535cb01173187a08a4e7f14
https://git.alpinelinux.org/aports/commit/?id=e16a7290cad51651c51b16468159e0bb5a11f234


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###