REDHAT-BUG-1168463: Buffer Overflow
First published: Thu Nov 27 2014(Updated: )
A heap-based buffer overflow flaw was reported in the mutt_substrdup() function in Mutt. Opening a specially-crafted mail message could cause mutt to crash or, potentially, execute arbitrary code. CVE request: <a href="http://www.openwall.com/lists/oss-security/2014/11/27/5">http://www.openwall.com/lists/oss-security/2014/11/27/5</a> In testing on Fedora, "set weed=no" had to be set in the user's .muttrc before the issue presented.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mutt |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2014/11/27/5
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1168464
- https://access.redhat.com/security/cve/CVE-2014-9116
- http://www.openwall.com/lists/oss-security/2014/11/27/9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1168463#c0
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125
- http://dev.mutt.org/trac/ticket/3483
- http://dev.mutt.org/trac/changeset/f01b306ebe0e
- http://dev.mutt.org/trac/ticket/3385
- http://dev.mutt.org/trac/changeset/0a29e3f4f4b9
- http://dev.mutt.org/trac/ticket/3609
- http://dev.mutt.org/trac/changeset/897dcc62e4aa
- http://dev.mutt.org/trac/changeset/f251d523ca5a
- http://dev.mutt.org/trac/ticket/3716
- http://dev.mutt.org/trac/changeset/0aebf1df43598b442ac75ae4fe17875351854db0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1168463#c4
- https://bugzilla.redhat.com/show_bug.cgi?id=1168463
Frequently Asked Questions
What is the severity of REDHAT-BUG-1168463?
The severity of REDHAT-BUG-1168463 is classified as high due to the potential for arbitrary code execution.
How do I fix REDHAT-BUG-1168463?
To fix REDHAT-BUG-1168463, update Mutt to the latest version that addresses the heap-based buffer overflow flaw.
What is the impact of REDHAT-BUG-1168463 on Mutt users?
The impact of REDHAT-BUG-1168463 on Mutt users includes the risk of the application crashing or the possibility of arbitrary code execution when opening crafted email messages.
Which versions of Mutt are affected by REDHAT-BUG-1168463?
Versions of Mutt prior to the security update addressing REDHAT-BUG-1168463 may be affected by this vulnerability.
What kind of vulnerability is REDHAT-BUG-1168463?
REDHAT-BUG-1168463 is a heap-based buffer overflow vulnerability in the mutt_substrdup() function.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-9116
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mutt
- canonical/mutt