{"id":"MGASA-2018-0447","summary":"Updated mutt packages fix security vulnerability","details":"It was discovered that Mutt incorrectly handled certain requests. An\nattacker could possibly use this to execute arbitrary code (CVE-2018-14350,\nCVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358,\nCVE-2018-14353 ,CVE-2018-14357).\n\nIt was discovered that Mutt incorrectly handled certain inputs. An attacker\ncould possibly use this to access or expose sensitive information\n(CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362,\nCVE-2018-14349).\n\nnntp_add_group in newsrc.c has a stack-based buffer overflow because of\nincorrect sscanf usage (CVE-2018-14360).\n\nnntp.c proceeds even if memory allocation fails for messages data\n(CVE-2018-14361).\n\nnewsrc.c does not properlyrestrict '/' characters that may have unsafe\ninteraction with cache pathnames (CVE-2018-14363).\n","modified":"2026-04-16T06:24:56.339273229Z","published":"2018-11-15T22:04:32Z","upstream":["CVE-2018-14349","CVE-2018-14350","CVE-2018-14351","CVE-2018-14352","CVE-2018-14353","CVE-2018-14354","CVE-2018-14355","CVE-2018-14356","CVE-2018-14357","CVE-2018-14358","CVE-2018-14359","CVE-2018-14360","CVE-2018-14361","CVE-2018-14362","CVE-2018-14363"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0447.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23345"},{"type":"WEB","url":"https://usn.ubuntu.com/3719-1/"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-08/msg00027.html"}],"affected":[{"package":{"name":"mutt","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/mutt?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.10.1-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0447.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}