Lucene search

FreeBSD6EB9CF14-BAB0-11EC-8F59-4437E6AD11C4

HistoryApr 04, 2022 - 12:00 a.m.

mutt -- mutt_decode_uuencoded() can read past the of the input line

2022-04-0400:00:00

vuxml.freebsd.org

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.7%

JSON

Tavis Ormandy reports:

mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmutt< 2.2.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	mutt	< 2.2.3	UNKNOWN

References

gitlab.com/muttmua/mutt/-/issues/404

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.7%

JSON

Related for 6EB9CF14-BAB0-11EC-8F59-4437E6AD11C4