FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mutt -- denial of service via crafted mail message

Affected packages
1.5.22 <= mutt < 1.5.23_7
1.5.22 <= ja-mutt < 1.5.23_7
1.5.22 <= zh-mutt < 1.5.23_7

Details

VuXML ID c3d43001-8064-11e4-801f-0022156e8794
Discovery 2014-11-26
Entry 2014-12-23

NVD reports:

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

References

Bugtraq ID 71334
CVE Name CVE-2014-9116
URL http://dev.mutt.org/trac/ticket/3716
URL https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125