CVE-2022-1328

Published: 14/04/2022 Updated: 14/10/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Buffer overflow in the uudecoder in Mutt, affecting all versions starting from 0.94.13 prior to 2.2.3, allows a read past the end of the input line.

Vulnerable Product

mutt mutt

debian debian linux 9.0

fedoraproject fedora 36

Vendor Advisories

Synopsis: Moderate: mutt security update. Type/Severity: Security Advisory: Moderate. Topic: An update for mutt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security ...
Debian Bug report logs - #1009734 mutt: CVE-2022-1328. Package: src:mutt; Maintainer for src:mutt is Mutt maintainers <mutt@packages.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 15 Apr 2022 19:30:02 UTC; Severity: important; Tags: security, upstream; Found in versions mutt/1101-21+deb ...
Several security issues were fixed in Mutt ...
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response (CVE-2020-14093). Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate (CVE-2020-14154). Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS bu ...
A flaw was found in mutt. When reading unencoded messages, mutt uses the line length from the untrusted input without any validation. This flaw allows an attacker to craft a malicious message, which leads to an out-of-bounds read, causing data leaks that include fragments of other unrelated messages (CVE-2022-1328) ...
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line ...

Exploits

In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in replies, for example fragments of other messages, passphrases or keys ...
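
The missing check, shown as an added example (not Mutt's code and not the upstream patch): a uuencoded line's first character declares how many bytes follow, and a decoder has to compare that claim with the characters actually present before reading them. The function names and the two sample lines are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 6-bit value of one uuencoded character (' ' .. '`'). */
#define UU_DEC(c) (((unsigned)(unsigned char)(c) - ' ') & 0x3f)

/* Encoded characters present after the length character, without CR/LF. */
static size_t uu_payload_len(const char *line) {
    size_t n = strcspn(line, "\r\n");
    return n ? n - 1 : 0;
}

/* Characters a decoder that trusts the length character would read past the
 * end of this line; 0 means the declared length fits. */
size_t uu_overread(const char *line) {
    if (strcspn(line, "\r\n") == 0) return 0;
    size_t need = (size_t)(UU_DEC(line[0]) + 2) / 3 * 4;
    size_t have = uu_payload_len(line);
    return need > have ? need - have : 0;
}

/* Validating decode: returns bytes written, or -1 if the declared length does
 * not fit the line, a character is out of range, or out is too small. */
int uu_decode_line(const char *line, unsigned char *out, size_t outcap) {
    if (line[0] < ' ' || line[0] > '`') return -1;
    size_t declared = UU_DEC(line[0]), w = 0;
    size_t need = (declared + 2) / 3 * 4;
    if (need > uu_payload_len(line) || declared > outcap) return -1;
    const char *p = line + 1;
    for (size_t i = 0; i < need; i += 4, p += 4) {
        for (int k = 0; k < 4; k++)
            if (p[k] < ' ' || p[k] > '`') return -1;
        unsigned char b[3] = {
            (unsigned char)(UU_DEC(p[0]) << 2 | UU_DEC(p[1]) >> 4),
            (unsigned char)(UU_DEC(p[1]) << 4 | UU_DEC(p[2]) >> 2),
            (unsigned char)(UU_DEC(p[2]) << 6 | UU_DEC(p[3])) };
        for (int k = 0; k < 3 && w < declared; k++) out[w++] = b[k];
    }
    return (int)w;
}

int main(void) {
    unsigned char out[64];
    const char *ok = "#0V%T\n", *bad = "M0V%T\n"; /* constructed samples */
    printf("ok: %d bytes, overread %zu\n", uu_decode_line(ok, out, sizeof out), uu_overread(ok));
    printf("bad: %d, overread %zu\n", uu_decode_line(bad, out, sizeof out), uu_overread(bad));
    return 0;
}
```

The second sample keeps the same four payload characters but declares 45 bytes, which is the mismatch the validating decoder rejects.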