FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mutt -- mutt_decode_uuencoded() can read past the of the input line

Affected packages
mutt < 2.2.3


VuXML ID 6eb9cf14-bab0-11ec-8f59-4437e6ad11c4
Discovery 2022-04-04
Entry 2022-04-12

Tavis Ormandy reports:

mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys


CVE Name CVE-2022-1328