Buffer overflow in Mutt

CVE-2014-0467

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.

Vulnerability class: Buffer Overflow

EPSS: 0.018 (83.2th percentile) — read the EPSS interpretation.

Affected products

Mutt — versions 1.5, 1.5.1, 1.5.2
Opensuse — versions 11.4, 12.3, 13.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

DSA-2874 (vendor-advisory, x_refsource_DEBIAN)
USN-2147-1 (x_refsource_UBUNTU, vendor-advisory)
RHSA-2014:0304 (x_refsource_REDHAT, vendor-advisory)
66165 (vdb-entry, x_refsource_BID)
security@debian.org (x_refsource_CONFIRM)
SUSE-SU-2014:0471 (vendor-advisory, x_refsource_SUSE)
1029919 (vdb-entry, x_refsource_SECTRACK)
openSUSE-SU-2014:0434 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2014:0436 (vendor-advisory, x_refsource_SUSE)