An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imapquotestring in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Line", "target": { "file": "imap/util.c" }, "id": "CVE-2018-14352-45ef1656", "digest": { "line_hashes": [ "208197662098857636302867262058187202232", "41086875850993059863915264337893440600", "267919281465194934696159675631347027828", "82663813847307772799785084971472340363" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "imap/util.c", "function": "imap_quote_string" }, "id": "CVE-2018-14352-bd07d7cb", "digest": { "length": 440.0, "function_hash": "31434170385445925645895292899185855968" }, "signature_version": "v1", "source": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "imap/util.c", "function": "_imap_quote_string" }, "id": "CVE-2018-14352-d812d2df", "digest": { "length": 410.0, "function_hash": "40666457325933368291575099386837457356" }, "signature_version": "v1", "source": "https://gitlab.com/muttmua/mutt@e0131852c6059107939893016c8ff56b6e42865d" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "imap/util.c" }, "id": "CVE-2018-14352-e50ea7c2", "digest": { "line_hashes": [ "286825986659692381523275984697414304158", "116272058307513292299683231627710474868", "51651615816479745004171875861077687511", "29959305164162731185766895165259995508", "328072855443475217845821425628390260381", "267919281465194934696159675631347027828", "302858303013732373814235239874974723469", "1059981929047943784357356626914626281", "187464042198075305097852041642751147938", "7002288292590039929813425765991714621", "179605271331145386996960733985749176276", "162105781547520036600742144204354819781", "8696559302285177799845044499702199818", "153173161433175437829475666550604780854" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://gitlab.com/muttmua/mutt@e0131852c6059107939893016c8ff56b6e42865d" } ] }