FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mutt -- mutt_decode_uuencoded() can read past the end of the input line

Affected packages
mutt < 2.2.3

Details

VuXML ID 6eb9cf14-bab0-11ec-8f59-4437e6ad11c4
Discovery 2022-04-04
Entry 2022-04-12

Tavis Ormandy reports:

In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replies.
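
The missing check described in the report, shown as an added example (this is not mutt's code or its fix): a strict decoder for one uuencoded line that validates the declared length against the characters actually present before reading them. The function name `uu_decode_line`, the 45-byte per-line limit of traditional uuencode, and the sample lines are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Map one uuencode character to its 6-bit value ('`' and ' ' both give 0). */
#define UU_DEC(c) ((unsigned)(((unsigned char)(c) - 32) & 0x3f))

/*
 * Strictly decode one uuencoded line into out[out_cap].
 * Returns the decoded byte count, or -1 when the declared length is out of
 * range or promises more data than the line actually holds.
 */
int uu_decode_line(const char *line, unsigned char *out, size_t out_cap)
{
    size_t avail = strcspn(line, "\r\n");   /* characters before end of line */
    if (avail == 0)
        return -1;

    size_t declared = UU_DEC(line[0]);      /* untrusted length character */
    size_t needed = (declared + 2) / 3 * 4; /* encoded chars that must follow */
    if (declared > 45 || declared > out_cap || needed > avail - 1)
        return -1;                          /* would read past the input line */

    const char *p = line + 1;
    for (size_t n = 0; n < declared; p += 4) {
        unsigned a = UU_DEC(p[0]), b = UU_DEC(p[1]);
        unsigned c = UU_DEC(p[2]), d = UU_DEC(p[3]);
        out[n++] = (unsigned char)(a << 2 | b >> 4);
        if (n < declared) out[n++] = (unsigned char)(b << 4 | c >> 2);
        if (n < declared) out[n++] = (unsigned char)(c << 6 | d);
    }
    return (int)declared;
}

int main(void)
{
    /* Constructed samples: an honest line for "Cat", and the same payload
       with a length character ('M' = 45 bytes) that overstates the data. */
    const char *samples[] = { "#0V%T\n", "M0V%T\n" };
    unsigned char buf[45];
    for (int i = 0; i < 2; i++) {
        int n = uu_decode_line(samples[i], buf, sizeof buf);
        if (n < 0)
            printf("rejected: declared length exceeds line\n");
        else
            printf("decoded %d bytes: %.*s\n", n, n, (const char *)buf);
    }
    return 0;
}
```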

References

CVE Name CVE-2022-1328
URL https://gitlab.com/muttmua/mutt/-/issues/404