An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.
{ "vanir_signatures": [ { "digest": { "length": 1386.0, "function_hash": "154302456122448875455846131541643950268" }, "signature_version": "v1", "deprecated": false, "source": "https://gitlab.com/muttmua/mutt@3287534daa3beac68e2e83ca4b4fe8a3148ff870", "target": { "file": "imap/message.c", "function": "msg_parse_fetch" }, "id": "CVE-2018-14358-145126c7", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "93739536329132482577780085330414494506", "89623844127464734672561698265844710722", "312621449380333503074025735417143736430", "164240837000789788690575434048735643460", "212135822938677333184911044294115489866", "151296201393930510525014542426219262824", "184008049592375935414174311714653442460", "292144793002905470110021264074915209462" ] }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485", "target": { "file": "imap/message.c" }, "id": "CVE-2018-14358-9764ef6f", "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "8525851027834141620610714942272206519", "174842468254924039886541206593623153941", "159792898526481831599688513931432891952", "12140011099921172601959797553443860975", "93739536329132482577780085330414494506", "89623844127464734672561698265844710722", "312621449380333503074025735417143736430", "164240837000789788690575434048735643460", "240577098635987668194475911666063740544", "212135822938677333184911044294115489866", "151296201393930510525014542426219262824", "272114906483481758976872700716585613775", "56348372279750545748120155881897186057", "143274065329103445254940933431446785329" ] }, "signature_version": "v1", "deprecated": false, "source": "https://gitlab.com/muttmua/mutt@3287534daa3beac68e2e83ca4b4fe8a3148ff870", "target": { "file": "imap/message.c" }, "id": "CVE-2018-14358-b7053886", "signature_type": "Line" }, { "digest": { "length": 1376.0, "function_hash": "179942351125219569183445254924656911584" }, "signature_version": "v1", "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485", "target": { "file": "imap/message.c", "function": "msg_parse_fetch" }, "id": "CVE-2018-14358-cca37b56", "signature_type": "Function" } ] }