CVE-2014-9116: Buffer Overflow
First published: Wed Nov 26 2014(Updated: )
A heap-based buffer overflow flaw was reported in the mutt_substrdup() function in Mutt. Opening a specially-crafted mail message could cause mutt to crash or, potentially, execute arbitrary code. CVE request: <a href="http://www.openwall.com/lists/oss-security/2014/11/27/5">http://www.openwall.com/lists/oss-security/2014/11/27/5</a> In testing on Fedora, "set weed=no" had to be set in the user's .muttrc before the issue presented.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/mutt | <=1.5.23-1.1<=1.5.21-6.2+deb7u2 | 1.5.23-2 1.5.20-9+squeeze4 1.5.21-6.2+deb7u3 |
| SUSE Linux Enterprise Desktop | =12 | |
| SUSE SUSE Linux Enterprise Server | =12 | |
| Mutt Mutt | =1.5.23 | |
| Debian Debian Linux | =7.0 | |
| Mageia Mageia | =4.0 | |
| debian/mutt | 2.0.5-4.1+deb11u3 2.2.12-0.1~deb12u1 2.2.9-1+deb12u1 2.2.13-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lcamtuf.coredump.cx/afl/
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125
- https://security-tracker.debian.org/tracker/CVE-2014-9116
- http://cve.mitre.org/cve/request_id.html
- http://bugs.debian.org/771125
- http://dev.mutt.org/trac/changeset/897dcc62e4aa
- http://dev.mutt.org/trac/changeset/f251d523ca5a
- https://security-tracker.debian.org/tracker/CVE-2014-0467
- http://advisories.mageia.org/MGASA-2014-0509.html
- http://dev.mutt.org/trac/ticket/3716
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html
- http://www.debian.org/security/2014/dsa-3083
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:245
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:078
- http://www.openwall.com/lists/oss-security/2014/11/27/5
- http://www.openwall.com/lists/oss-security/2014/11/27/9
- http://www.securityfocus.com/bid/71334
- http://www.securitytracker.com/id/1031266
- https://bugzilla.redhat.com/show_bug.cgi?id=1168463
- https://security.gentoo.org/glsa/201701-04
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1168464
- https://access.redhat.com/security/cve/CVE-2014-9116
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1168463#c0
- http://dev.mutt.org/trac/ticket/3483
- http://dev.mutt.org/trac/changeset/f01b306ebe0e
- http://dev.mutt.org/trac/ticket/3385
- http://dev.mutt.org/trac/changeset/0a29e3f4f4b9
- http://dev.mutt.org/trac/ticket/3609
- http://dev.mutt.org/trac/changeset/0aebf1df43598b442ac75ae4fe17875351854db0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1168463#c4
- https://bugzilla.redhat.com/show_bug.cgi?id=1168463#c4
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/author
- agent/severity
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/debian-bugs
- alias/CVE-2014-9116
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- package-manager/debian
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/12
- canonical/suse suse linux enterprise server
- version/suse suse linux enterprise server/12
- vendor/mutt
- canonical/mutt mutt
- version/mutt mutt/1.5.23
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- vendor/mageia
- canonical/mageia mageia
- version/mageia mageia/4.0