{"id":"UBUNTU-CVE-2022-1328","details":"Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line","modified":"2026-02-04T03:16:32.615101Z","published":"2022-04-14T21:15:00Z","related":["USN-5392-1","USN-7204-1"],"upstream":["CVE-2022-1328"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-1328"},{"type":"REPORT","url":"https://gitlab.com/muttmua/mutt/-/issues/404"},{"type":"REPORT","url":"https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5"},{"type":"REPORT","url":"https://github.com/neomutt/neomutt/commit/ee7cb4e461c1cdf0ac14817b03687d5908b85f84"},{"type":"REPORT","url":"https://gitlab.com/neomutt/neomutt/-/commit/ee7cb4e461c1cdf0ac14817b03687d5908b85f84"},{"type":"REPORT","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2022/04/14/3"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5392-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-1328"},{"type":"REPORT","url":"https://github.com/neomutt/neomutt/releases/tag/20220415"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7204-1"}],"affected":[{"package":{"name":"mutt","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/mutt@1.5.24-1ubuntu0.6+esm2?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.24-1ubuntu0.6+esm2"}]}],"versions":["1.5.23-3.1ubuntu1","1.5.23-3.1ubuntu2","1.5.24-1","1.5.24-1build1","1.5.24-1ubuntu0.1","1.5.24-1ubuntu0.2","1.5.24-1ubuntu0.3","1.5.24-1ubuntu0.4","1.5.24-1ubuntu0.5","1.5.24-1ubuntu0.6"],"ecosystem_specific":{"binaries":[{"binary_version":"1.5.24-1ubuntu0.6+esm2","binary_name":"mutt"},{"binary_version":"1.5.24-1ubuntu0.6+esm2","binary_name":"mutt-patched"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-1328.json"}},{"package":{"name":"mutt","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/mutt@1.9.4-3ubuntu0.6?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.4-3ubuntu0.6"}]}],"versions":["1.8.3+neomutt20170609-2build1","1.9.1-2","1.9.1-3","1.9.1-4","1.9.1-5","1.9.2-1","1.9.3-1","1.9.4-2","1.9.4-3","1.9.4-3ubuntu0.1","1.9.4-3ubuntu0.2","1.9.4-3ubuntu0.3","1.9.4-3ubuntu0.4","1.9.4-3ubuntu0.5"],"ecosystem_specific":{"binaries":[{"binary_version":"1.9.4-3ubuntu0.6","binary_name":"mutt"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-1328.json"}},{"package":{"name":"neomutt","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/neomutt@20171215+dfsg.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20171215+dfsg.1-1ubuntu0.1~esm1"}]}],"versions":["20171027-1","20171027-2","20171027+dfsg.1-1","20171027+dfsg.1-2","20171027+dfsg.1-4","20171208+dfsg.1-1","20171208+dfsg.1-2","20171215+dfsg.1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"20171215+dfsg.1-1ubuntu0.1~esm1","binary_name":"neomutt"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-1328.json"}},{"package":{"name":"mutt","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/mutt@1.13.2-1ubuntu0.5?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.13.2-1ubuntu0.5"}]}],"versions":["1.10.1-2.1","1.12.2-1","1.12.2-2","1.13.0-1","1.13.2-1","1.13.2-1ubuntu0.1","1.13.2-1ubuntu0.2","1.13.2-1ubuntu0.3","1.13.2-1ubuntu0.4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.13.2-1ubuntu0.5","binary_name":"mutt"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-1328.json"}},{"package":{"name":"neomutt","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/neomutt@20191207+dfsg.1-1.1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20191207+dfsg.1-1.1ubuntu0.1~esm1"}]}],"versions":["20180716+dfsg.1-1.2","20191111+dfsg.1-1","20191207+dfsg.1-1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"20191207+dfsg.1-1.1ubuntu0.1~esm1","binary_name":"neomutt"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-1328.json"}},{"package":{"name":"mutt","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/mutt@2.1.4-1ubuntu1.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.4-1ubuntu1.1"}]}],"versions":["2.0.5-4.1build1","2.1.3-1","2.1.4-1","2.1.4-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.1.4-1ubuntu1.1","binary_name":"mutt"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-1328.json"}},{"package":{"name":"neomutt","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/neomutt@20211029+dfsg1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20211029+dfsg1-1ubuntu0.1~esm1"}]}],"versions":["20201127+dfsg.1-1.2","20211029+dfsg1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"20211029+dfsg1-1ubuntu0.1~esm1","binary_name":"neomutt"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-1328.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}