FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mutt -- Remote Buffer Overflow Vulnerability

Affected packages
mutt <= 1.4.2.1_2
mutt-lite <= 1.4.2.1_2
mutt-devel <= 1.5.11_2
mutt-devel-lite <= 1.5.11_2
ja-mutt <= 1.4.2.1.j1
zh-mutt-devel <= 1.5.11_20040617
ja-mutt-devel <= 1.5.6.j1_2
mutt-ng <= 20060501

Details

VuXML ID d2a43243-087b-11db-bc36-0008743bf21a
Discovery 2006-06-26
Entry 2006-06-30

SecurityFocus reports:

Mutt is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue may allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.

References

Bugtraq ID 18642
URL http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540