CVE-2003-0140: Buffer Overflow
First published: Fri Mar 21 2003(Updated: )
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mutt | =1.3.27 | |
| Mutt | =1.3.16 | |
| Mutt | =1.3.25 | |
| Mutt | =1.3.22 | |
| Mutt | =1.3.24 | |
| Mutt | =1.4.0 | |
| Mutt | =1.3.17 | |
| Mutt | =1.5.3 | |
| Mutt | =1.3.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/315679
- http://www.securityfocus.com/bid/7120
- http://www.debian.org/security/2003/dsa-268
- http://www.novell.com/linux/security/advisories/2003_020_mutt.html
- http://www.redhat.com/support/errata/RHSA-2003-109.html
- http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000626
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000630
- http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:041
- http://marc.info/?l=bugtraq&m=105171507629573&w=2
- http://marc.info/?l=bugtraq&m=104852190605988&w=2
- http://marc.info/?l=bugtraq&m=104817995421439&w=2
- http://marc.info/?l=bugtraq&m=104818814931378&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11583
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2
Frequently Asked Questions
What is the severity of CVE-2003-0140?
CVE-2003-0140 is considered a critical vulnerability due to its potential to allow remote code execution and denial of service.
How do I fix CVE-2003-0140?
To fix CVE-2003-0140, upgrade Mutt to version 1.5.4 or later, or apply the appropriate patches provided by your distribution.
Which versions of Mutt are affected by CVE-2003-0140?
CVE-2003-0140 affects Mutt versions 1.4.0 and earlier, as well as versions 1.5.x up to 1.5.3.
How does CVE-2003-0140 exploit work?
CVE-2003-0140 exploits a buffer overflow vulnerability that allows a crafted folder from an IMAP server to cause a crash or execute arbitrary code.
Is this vulnerability specific to Mutt, or does it affect other programs?
CVE-2003-0140 also affects other programs that utilize Mutt code, such as Balsa before version 2.0.10.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mutt
- canonical/mutt
- version/mutt/1.3.27
- version/mutt/1.3.16
- version/mutt/1.3.25
- version/mutt/1.3.22
- version/mutt/1.3.24
- version/mutt/1.4.0
- version/mutt/1.3.17
- version/mutt/1.5.3
- version/mutt/1.3.12