FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a2f35081-8a02-11e8-8fa5-4437e6ad11c4mutt -- remote code injection and path traversal vulnerability

Kevin J. McCarthy reports:

Fixes a remote code injection vulnerability when "subscribing" to an IMAP mailbox, either via $imap_check_subscribed, or via the function in the browser menu. Mutt was generating a "mailboxes" command and sending that along to the muttrc parser. However, it was not escaping "`", which executes code and inserts the result. This would allow a malicious IMAP server to execute arbitrary code (for $imap_check_subscribed).

Fixes POP body caching path traversal vulnerability.

Fixes IMAP header caching path traversal vulnerability.

CVE-2018-14349 - NO Response Heap Overflow

CVE-2018-14350 - INTERNALDATE Stack Overflow

CVE-2018-14351 - STATUS Literal Length relative write

CVE-2018-14352 - imap_quote_string off-by-one stack overflow

CVE-2018-14353 - imap_quote_string int underflow

CVE-2018-14354 - imap_subscribe Remote Code Execution

CVE-2018-14355 - STATUS mailbox header cache directory traversal

CVE-2018-14356 - POP empty UID NULL deref

CVE-2018-14357 - LSUB Remote Code Execution

CVE-2018-14358 - RFC822.SIZE Stack Overflow

CVE-2018-14359 - base64 decode Stack Overflow

CVE-2018-14362 - POP Message Cache Directory Traversal


Discovery 2018-07-15
Entry 2018-07-17
mutt
< 1.10.1

CVE-2018-14349
CVE-2018-14350
CVE-2018-14351
CVE-2018-14352
CVE-2018-14353
CVE-2018-14354
CVE-2018-14355
CVE-2018-14356
CVE-2018-14357
CVE-2018-14358
CVE-2018-14359
CVE-2018-14362
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html