CVE-2014-9116

Published: 02/12/2014 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote malicious users to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

Vulnerable Product

suse linux enterprise desktop 12

suse suse linux enterprise server 12

mutt mutt 1.5.23

debian debian linux 7.0

mageia mageia 4.0

Vendor Advisories

Debian Bug report logs - #771125 mutt: CVE-2014-9116: write_one_header can call mutt_substrdup with begin > end, leading to crash. Package: mutt; Maintainer for mutt is Mutt maintainers <mutt@packages.debian.org>; Source for mutt is src:mutt. Reported by: Jakub Wilk <jwilk@debian.org> Date: Wed ...
The mutt mail client could be made to crash if it opened a specially crafted email ...
A flaw was discovered in mutt, a text-based mailreader. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition. For the stable distribution (wheezy), this problem has been fixed in version 1.5.21-6.2+deb7u3. For the unstable distribution (sid), this problem has been fixed in version 1.5.23-2. We recommen ...