Mutt
CVE-2018-14357
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
AnalysisAI
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. Affected products include: Mutt, Neomutt, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux Desktop. Version information: before 1.10.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, w
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of i
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today