CVE-2014-0467

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html
http://rhn.redhat.com/errata/RHSA-2014-0304.html
http://www.debian.org/security/2014/dsa-2874
http://www.mutt.org/doc/devel/ChangeLog
http://www.securityfocus.com/bid/66165
http://www.securitytracker.com/id/1029919
http://www.ubuntu.com/usn/USN-2147-1
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html
http://rhn.redhat.com/errata/RHSA-2014-0304.html
http://www.debian.org/security/2014/dsa-2874
http://www.mutt.org/doc/devel/ChangeLog
http://www.securityfocus.com/bid/66165
http://www.securitytracker.com/id/1029919
http://www.ubuntu.com/usn/USN-2147-1

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mutt:mutt::::::::
	cpe:2.3:a:mutt:mutt:1.5:::::::*
	cpe:2.3:a:mutt:mutt:1.5.1:::::::*
	cpe:2.3:a:mutt:mutt:1.5.2:::::::*
	cpe:2.3:a:mutt:mutt:1.5.3:::::::*
	cpe:2.3:a:mutt:mutt:1.5.4:::::::*
	cpe:2.3:a:mutt:mutt:1.5.5:::::::*
	cpe:2.3:a:mutt:mutt:1.5.6:::::::*
	cpe:2.3:a:mutt:mutt:1.5.7:::::::*
	cpe:2.3:a:mutt:mutt:1.5.8:::::::*
	cpe:2.3:a:mutt:mutt:1.5.9:::::::*
	cpe:2.3:a:mutt:mutt:1.5.10:::::::*
	cpe:2.3:a:mutt:mutt:1.5.11:::::::*
	cpe:2.3:a:mutt:mutt:1.5.12:::::::*
	cpe:2.3:a:mutt:mutt:1.5.13:::::::*
	cpe:2.3:a:mutt:mutt:1.5.14:::::::*
	cpe:2.3:a:mutt:mutt:1.5.15:::::::*
	cpe:2.3:a:mutt:mutt:1.5.16:::::::*
	cpe:2.3:a:mutt:mutt:1.5.17:::::::*
	cpe:2.3:a:mutt:mutt:1.5.18:::::::*
	cpe:2.3:a:mutt:mutt:1.5.19:::::::*
	cpe:2.3:a:mutt:mutt:1.5.20:::::::*
	cpe:2.3:a:mutt:mutt:1.5.21:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

History

21 Nov 2024, 02:02

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html -
References	~~() http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html -~~	() http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html -
References	~~() http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html -~~	() http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2014-0304.html -~~	() http://rhn.redhat.com/errata/RHSA-2014-0304.html -
References	~~() http://www.debian.org/security/2014/dsa-2874 -~~	() http://www.debian.org/security/2014/dsa-2874 -
References	~~() http://www.mutt.org/doc/devel/ChangeLog -~~	() http://www.mutt.org/doc/devel/ChangeLog -
References	~~() http://www.securityfocus.com/bid/66165 -~~	() http://www.securityfocus.com/bid/66165 -
References	~~() http://www.securitytracker.com/id/1029919 -~~	() http://www.securitytracker.com/id/1029919 -
References	~~() http://www.ubuntu.com/usn/USN-2147-1 -~~	() http://www.ubuntu.com/usn/USN-2147-1 -

Information

Published : 2014-03-14 15:55

Updated : 2024-11-21 02:02

NVD link : CVE-2014-0467

Mitre link : CVE-2014-0467

CVE.ORG link : CVE-2014-0467

JSON object : View

Products Affected

mutt

mutt

opensuse

opensuse

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

5.0 /10