CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
86.0%
Kevin J. McCarthy reports:
Fixes a remote code injection vulnerability when “subscribing”
to an IMAP mailbox, either via $imap_check_subscribed, or via the
<subscribe> function in the browser menu. Mutt was generating a
“mailboxes” command and sending that along to the muttrc parser.
However, it was not escaping “`”, which executes code and inserts
the result. This would allow a malicious IMAP server to execute
arbitrary code (for $imap_check_subscribed).
Fixes POP body caching path traversal vulnerability.
Fixes IMAP header caching path traversal vulnerability.
CVE-2018-14349 - NO Response Heap Overflow
CVE-2018-14350 - INTERNALDATE Stack Overflow
CVE-2018-14351 - STATUS Literal Length relative write
CVE-2018-14352 - imap_quote_string off-by-one stack overflow
CVE-2018-14353 - imap_quote_string int underflow
CVE-2018-14354 - imap_subscribe Remote Code Execution
CVE-2018-14355 - STATUS mailbox header cache directory traversal
CVE-2018-14356 - POP empty UID NULL deref
CVE-2018-14357 - LSUB Remote Code Execution
CVE-2018-14358 - RFC822.SIZE Stack Overflow
CVE-2018-14359 - base64 decode Stack Overflow
CVE-2018-14362 - POP Message Cache Directory Traversal
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
86.0%