Lucene search

FreeBSD6EB9CF14-BAB0-11EC-8F59-4437E6AD11C4

HistoryApr 04, 2022 - 12:00 a.m.

mutt -- mutt_decode_uuencoded() can read past the of the input line

2022-04-0400:00:00

vuxml.freebsd.org

security vulnerability

memory exposure

uuencode vulnerability

unix

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.003

Percentile

70.0%

JSON

Tavis Ormandy reports:

mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmutt< 2.2.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	mutt	< 2.2.3	UNKNOWN

References

gitlab.com/muttmua/mutt/-/issues/404

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.003

Percentile

70.0%

JSON

Related for 6EB9CF14-BAB0-11EC-8F59-4437E6AD11C4