SB2014041719 - Buffer overflow in mutt (Alpine package)
Published: April 17, 2014
Security Bulletin ID
SB2014041719
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2014-0467)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=85615dea1a3118f880f0f6670b8d0869cf08a167
- https://git.alpinelinux.org/aports/commit/?id=42c5edd8adbe242324e292e45d5e0629dcd3ecd5
- https://git.alpinelinux.org/aports/commit/?id=bb047f7e617af0cd855a32158cef5f19f3ddf529
- https://git.alpinelinux.org/aports/commit/?id=cde01b6ed9fd07efc639db755932a0cf99f3ff23