Buffer overflow in Mageia
CVE-2014-9116
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a hea…
Vulnerability class: Buffer Overflow
EPSS: 0.035 (87.9th percentile) — read the EPSS interpretation.
Affected products
- Mageia — versions 4.0
- Mutt — versions 1.5.23
- Debian Debian_linux — versions 7.0
- Suse Linux_enterprise_desktop — versions 12
- Suse Suse_linux_enterprise_server — versions 12
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Issue Tracking)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Issue Tracking)
- SUSE-SU-2015:0012 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- 1031266 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
- [oss-security] 20141127 CVE request: mutt: heap-based buffer overflow in mutt_substrdup() (mailing-list, x_refsource_MLIST, Exploit, Mailing List, Third Party Advisory)
- MDVSA-2015:078 (vendor-advisory, x_refsource_MANDRIVA, Broken Link)
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
- GLSA-201701-04 (vendor-advisory, x_refsource_GENTOO)
- [oss-security] 20141126 Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup() (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
Frequently asked questions
- What is CVE-2014-9116?
- CVE-2014-9116 is a vulnerability in Mageia, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-12-02.
- Is CVE-2014-9116 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.