CVE-2018-14358

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-14358
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14358.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-14358
Downstream
Related
Published
2018-07-17T17:29:00Z
Modified
2025-10-14T16:23:50.406431Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.

References

Affected packages

Git / github.com/muttmua/mutt

Affected ranges

Type
GIT
Repo
https://github.com/muttmua/mutt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ed9d7727dc705754871e31cb41420f0ea956495b
Type
GIT
Repo
https://github.com/neomutt/neomutt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
Type
GIT
Repo
https://gitlab.com/muttmua/mutt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3287534daa3beac68e2e83ca4b4fe8a3148ff870

Affected versions

Other

mutt-0-92-10i
mutt-0-92-11i
mutt-0-92-9i
mutt-0-93-unstable
mutt-0-94-10i-rel
mutt-0-94-13-rel
mutt-0-94-14-rel
mutt-0-94-15-rel
mutt-0-94-16i-rel
mutt-0-94-17i-rel
mutt-0-94-18-rel
mutt-0-94-5i-rel
mutt-0-94-6i-rel
mutt-0-94-7i-rel
mutt-0-94-8i-rel
mutt-0-94-9i-p1
mutt-0-94-9i-rel
mutt-0-95-rel
mutt-0-96-1-rel
mutt-0-96-2-slightly-post-release
mutt-0-96-3-rel
mutt-0-96-4-rel
mutt-0-96-5-rel
mutt-0-96-6-rel
mutt-0-96-7-rel
mutt-0-96-8-rel
mutt-0-96-rel
mutt-1-1-1-1-rel
mutt-1-1-1-2-rel
mutt-1-1-1-rel
mutt-1-1-10-rel
mutt-1-1-11-rel
mutt-1-1-12-rel
mutt-1-1-13-rel
mutt-1-1-14-rel
mutt-1-1-2-rel
mutt-1-1-3-rel
mutt-1-1-4-rel
mutt-1-1-5-rel
mutt-1-1-6-rel
mutt-1-1-7-rel
mutt-1-1-8-rel
mutt-1-1-9-rel
mutt-1-1-rel
mutt-1-10-rel
mutt-1-3-1-rel
mutt-1-3-10-rel
mutt-1-3-11-rel
mutt-1-3-12-rel
mutt-1-3-13-rel
mutt-1-3-14-rel
mutt-1-3-15-rel
mutt-1-3-16-rel
mutt-1-3-17-rel
mutt-1-3-18-rel
mutt-1-3-19-rel
mutt-1-3-2-rel
mutt-1-3-20-rel
mutt-1-3-21-rel
mutt-1-3-22-1-rel
mutt-1-3-22-rel
mutt-1-3-23-1-rel
mutt-1-3-23-2-rel
mutt-1-3-23-rel
mutt-1-3-24-rel
mutt-1-3-25-rel
mutt-1-3-26-rel
mutt-1-3-27-rel
mutt-1-3-3-rel
mutt-1-3-4-rel
mutt-1-3-5-rel
mutt-1-3-6-rel
mutt-1-3-7-rel
mutt-1-3-8-rel
mutt-1-3-9-rel
mutt-1-3-rel
mutt-1-5-1-rel
mutt-1-5-10-rel
mutt-1-5-11-rel
mutt-1-5-12-rel
mutt-1-5-13-rel
mutt-1-5-14-rel
mutt-1-5-15-rel
mutt-1-5-16-rel
mutt-1-5-17-rel
mutt-1-5-18-rel
mutt-1-5-19-rel
mutt-1-5-2-rel
mutt-1-5-20-rel
mutt-1-5-21-rel
mutt-1-5-22-rel
mutt-1-5-23-rel
mutt-1-5-24-rel
mutt-1-5-3-rel
mutt-1-5-4-rel
mutt-1-5-5-1-rel
mutt-1-5-5-rel
mutt-1-5-6-rel
mutt-1-5-7-rel
mutt-1-5-8-rel
mutt-1-5-9-rel
mutt-1-6-1-rel
mutt-1-6-2-rel
mutt-1-6-rel
mutt-1-7-1-rel
mutt-1-7-2-rel
mutt-1-7-rel
mutt-1-8-1-rel
mutt-1-8-2-rel
mutt-1-8-3-rel
mutt-1-8-rel
mutt-1-9-1-rel
mutt-1-9-2-rel
mutt-1-9-3-rel
mutt-1-9-4-rel
mutt-1-9-5-rel
mutt-1-9-rel
neomutt-20160822
neomutt-20160827
neomutt-20160910
neomutt-20160916
neomutt-20161002
neomutt-20161003
neomutt-20161014
neomutt-20161028
neomutt-20161104
neomutt-20161126
neomutt-20170113
neomutt-20170128
neomutt-20170206
neomutt-20170225
neomutt-20170306
neomutt-20170414
neomutt-20170421
neomutt-20170428
neomutt-20170526
neomutt-20170602
neomutt-20170609
neomutt-20170707
neomutt-20170714
neomutt-20170907
neomutt-20170912
neomutt-20171006
neomutt-20171013
neomutt-20171027
neomutt-20171208
neomutt-20171215
neomutt-20180223
neomutt-20180323
neomutt-20180512
neomutt-20180622
post-type-punning-patch
pre-type-punning-patch

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1386.0,
                "function_hash": "154302456122448875455846131541643950268"
            },
            "source": "https://gitlab.com/muttmua/mutt@3287534daa3beac68e2e83ca4b4fe8a3148ff870",
            "signature_type": "Function",
            "target": {
                "function": "msg_parse_fetch",
                "file": "imap/message.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2018-14358-145126c7"
        },
        {
            "digest": {
                "line_hashes": [
                    "93739536329132482577780085330414494506",
                    "89623844127464734672561698265844710722",
                    "312621449380333503074025735417143736430",
                    "164240837000789788690575434048735643460",
                    "212135822938677333184911044294115489866",
                    "151296201393930510525014542426219262824",
                    "184008049592375935414174311714653442460",
                    "292144793002905470110021264074915209462"
                ],
                "threshold": 0.9
            },
            "source": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485",
            "signature_type": "Line",
            "target": {
                "file": "imap/message.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2018-14358-9764ef6f"
        },
        {
            "digest": {
                "line_hashes": [
                    "8525851027834141620610714942272206519",
                    "174842468254924039886541206593623153941",
                    "159792898526481831599688513931432891952",
                    "12140011099921172601959797553443860975",
                    "93739536329132482577780085330414494506",
                    "89623844127464734672561698265844710722",
                    "312621449380333503074025735417143736430",
                    "164240837000789788690575434048735643460",
                    "240577098635987668194475911666063740544",
                    "212135822938677333184911044294115489866",
                    "151296201393930510525014542426219262824",
                    "272114906483481758976872700716585613775",
                    "56348372279750545748120155881897186057",
                    "143274065329103445254940933431446785329"
                ],
                "threshold": 0.9
            },
            "source": "https://gitlab.com/muttmua/mutt@3287534daa3beac68e2e83ca4b4fe8a3148ff870",
            "signature_type": "Line",
            "target": {
                "file": "imap/message.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2018-14358-b7053886"
        },
        {
            "digest": {
                "length": 1376.0,
                "function_hash": "179942351125219569183445254924656911584"
            },
            "source": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485",
            "signature_type": "Function",
            "target": {
                "function": "msg_parse_fetch",
                "file": "imap/message.c"
            },
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2018-14358-cca37b56"
        }
    ]
}