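An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Both contain a buffer overflow that can be triggered by base64 data. The signature data that follows targets the base64 decoding functions (`mutt_from_base64` in `base64.c`, `mutt_b64_decode` in `mutt/base64.c`) along with code in `imap/auth_cram.c`, `imap/auth_gss.c` and `mutt/rfc2047.c`; each entry's `source` field names the upstream Mutt or NeoMutt commit it refers to.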
{ "vanir_signatures": [ { "id": "CVE-2018-14359-05af4793", "signature_type": "Line", "target": { "file": "base64.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "153768277961060167864334285826259419747", "102268880672857639220045249823794651890", "91963911374221633154355755486277580914", "228759954250912812009968627975196126421", "306061266471845467852255193353802948648", "12237949386884273278726263633432751461", "108567359504359056847420018003873049691", "168973084933297240702217529218584275067", "317984738147789818840482034184599928029", "131274440305093870320785988238640241765", "5235631967516439438139742220922542574", "206970560610027266653948930343907943239", "332918148049357413899187196729262046995", "49193754112955113564034482528918717584", "56768711447245246226032957527712743555" ], "threshold": 0.9 }, "deprecated": false, "source": "https://gitlab.com/muttmua/mutt@3d9028fec8f4d08db2251096307c0bbbebce669a" }, { "id": "CVE-2018-14359-104821c6", "signature_type": "Line", "target": { "file": "imap/auth_gss.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "170621448793913924944827456610963459441", "231613305411183898125425092925340835388", "57674962492841657633648559763767418872", "190383585417449404916987809431088647236", "189195781954732653695087252928033367904", "231613305411183898125425092925340835388", "126345241363695084450643957157535123394", "146698483804155661625341057630495795170" ], "threshold": 0.9 }, "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": "CVE-2018-14359-1594a896", "signature_type": "Function", "target": { "file": "imap/auth_cram.c", "function": "imap_auth_cram_md5" }, "signature_version": "v1", "digest": { "length": 1916.0, "function_hash": "59477742291857329756021059346635954403" }, "deprecated": false, "source": "https://gitlab.com/muttmua/mutt@3d9028fec8f4d08db2251096307c0bbbebce669a" }, { "id": "CVE-2018-14359-2c110996", 
"signature_type": "Function", "target": { "file": "test/base64.c", "function": "test_base64_decode" }, "signature_version": "v1", "digest": { "length": 384.0, "function_hash": "321899208950797129745099103492249859456" }, "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": "CVE-2018-14359-31d688cf", "signature_type": "Line", "target": { "file": "mutt/base64.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "99127541401354891968740557499048691410", "218563553126289063637091620286088531771", "65314913672063152893460603808902691784", "278178332204841455012917146465815669346", "69116229459518722593479613001259113566", "12237949386884273278726263633432751461", "108567359504359056847420018003873049691", "168973084933297240702217529218584275067", "317984738147789818840482034184599928029", "131274440305093870320785988238640241765", "5235631967516439438139742220922542574", "206970560610027266653948930343907943239", "332918148049357413899187196729262046995", "49193754112955113564034482528918717584", "56768711447245246226032957527712743555" ], "threshold": 0.9 }, "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": "CVE-2018-14359-3e4a8dc1", "signature_type": "Function", "target": { "file": "base64.c", "function": "mutt_from_base64" }, "signature_version": "v1", "digest": { "length": 840.0, "function_hash": "107395427896516810086388856770809137549" }, "deprecated": false, "source": "https://gitlab.com/muttmua/mutt@3d9028fec8f4d08db2251096307c0bbbebce669a" }, { "id": "CVE-2018-14359-4a8bcc6e", "signature_type": "Function", "target": { "file": "mutt/rfc2047.c", "function": "rfc2047_decode_word" }, "signature_version": "v1", "digest": { "length": 863.0, "function_hash": "1638323998950492409601115114444522290" }, "deprecated": false, "source": 
"https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": "CVE-2018-14359-50da5f3a", "signature_type": "Function", "target": { "file": "test/base64.c", "function": "test_base64_lengths" }, "signature_version": "v1", "digest": { "length": 964.0, "function_hash": "71677689253177498109790607719914175581" }, "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": "CVE-2018-14359-63920874", "signature_type": "Function", "target": { "file": "mutt/base64.c", "function": "mutt_b64_decode" }, "signature_version": "v1", "digest": { "length": 900.0, "function_hash": "175135246146244314402470571595301272970" }, "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": "CVE-2018-14359-70a0d26f", "signature_type": "Line", "target": { "file": "imap/auth_gss.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "105792336995991705091679605878165018059", "197353339740669470422273964615458660047", "313735985207332729977821800188565738264", "255805326377243998192486085405375263975", "301395139188139896051096331662722817812", "197353339740669470422273964615458660047", "206593214266595156151305797660451613434", "137067073770485052816948117490727385077" ], "threshold": 0.9 }, "deprecated": false, "source": "https://gitlab.com/muttmua/mutt@3d9028fec8f4d08db2251096307c0bbbebce669a" }, { "id": "CVE-2018-14359-9f5a3eb9", "signature_type": "Line", "target": { "file": "mutt/rfc2047.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "64208782740477900985491802964397504718", "284443301940441747854294835906975137245", "183757353808180020615871866575762758309", "8460128022264047499354644747027208738", "36839972933906608377550681745011318206" ], "threshold": 0.9 }, "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": 
"CVE-2018-14359-a1d6c0af", "signature_type": "Line", "target": { "file": "protos.h" }, "signature_version": "v1", "digest": { "line_hashes": [ "320039300503735351256676807857701994002", "110249849427719621708798847244046893228", "34915653126548549687352784277821707392", "304798962263562364598766114544599172252" ], "threshold": 0.9 }, "deprecated": false, "source": "https://gitlab.com/muttmua/mutt@3d9028fec8f4d08db2251096307c0bbbebce669a" }, { "id": "CVE-2018-14359-a7f611d8", "signature_type": "Function", "target": { "file": "imap/auth_gss.c", "function": "imap_auth_gss" }, "signature_version": "v1", "digest": { "length": 5336.0, "function_hash": "92302804572294578203596709881741638820" }, "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": "CVE-2018-14359-ac63d2b4", "signature_type": "Line", "target": { "file": "test/base64.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "222738012797999195196208749687944918770", "263547822552747103974869527851325912787", "121150018590884657007472397488336408883", "112773414599001632559095594431014451978", "141160149137700310356313514980651373321", "57272758479076932482525074747905917989", "139131822801831335490898329306531073850", "265645493996670597783275711526280753912", "181925229516136098307300524165073184045", "265477729022385411795722729377075955004", "221872957325402020560929402050848774224", "60561988406277786327274450663046903590" ], "threshold": 0.9 }, "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": "CVE-2018-14359-bb0c697f", "signature_type": "Line", "target": { "file": "imap/auth_cram.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "59764822133063358401313791150907963958", "321681706942428886573620265781489635405", "118146097623429047065828181292538072095", "161050960662701466156054628727776605634" ], "threshold": 0.9 }, "deprecated": 
false, "source": "https://gitlab.com/muttmua/mutt@3d9028fec8f4d08db2251096307c0bbbebce669a" }, { "id": "CVE-2018-14359-c639f3d2", "signature_type": "Line", "target": { "file": "mutt/base64.h" }, "signature_version": "v1", "digest": { "line_hashes": [ "62505678466117443887763921933813840273", "326212190986600335583073669470236954760" ], "threshold": 0.9 }, "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": "CVE-2018-14359-cd4d3254", "signature_type": "Function", "target": { "file": "imap/auth_cram.c", "function": "imap_auth_cram_md5" }, "signature_version": "v1", "digest": { "length": 1592.0, "function_hash": "81823740530474063100869658341022898786" }, "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": "CVE-2018-14359-eb3a80a2", "signature_type": "Line", "target": { "file": "imap/auth_cram.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "203564807413086737557197163884376929581", "117786898421718050285789808502564053871", "188886481078498107276638481084845740351", "276291823225065957726669073947937007611" ], "threshold": 0.9 }, "deprecated": false, "source": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "id": "CVE-2018-14359-f79d19cf", "signature_type": "Function", "target": { "file": "imap/auth_gss.c", "function": "imap_auth_gss" }, "signature_version": "v1", "digest": { "length": 5734.0, "function_hash": "109547242779399272451787572706066289512" }, "deprecated": false, "source": "https://gitlab.com/muttmua/mutt@3d9028fec8f4d08db2251096307c0bbbebce669a" } ] }