CVE-2022-1328

Summary

CVE	CVE-2022-1328
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-04-14 21:15:00 UTC
Updated	2022-10-14 12:49:00 UTC
Description	Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line

Risk And Classification

Problem Types: CWE-120

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Application	Mutt	Mutt	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 36 Update: mutt-2.2.5-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Fix uudecode buffer overflow. (e5ed080c) · Commits · Mutt Project / mutt · GitLab	MISC	gitlab.com
[SECURITY] [DLA 2999-1] mutt security update	MLIST	lists.debian.org
SECURITY: mutt_decode_uuencoded() can read past the of the input line (#404) · Issues · Mutt Project / mutt · GitLab	MISC	gitlab.com
oss-security - mutt 2.2.3 released - fixes CVE-2022-1328	MLIST	www.openwall.com
2022/CVE-2022-1328.json · master · GitLab.org / cves · GitLab	CONFIRM	gitlab.com
Mutt mutt_decode_uuencoded() Memory Disclosure ≈ Packet Storm	MISC	packetstormsecurity.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Tavis Ormandy

Legacy QID Mappings

160214 Oracle Enterprise Linux Security Update for mutt (ELSA-2022-7640)
160299 Oracle Enterprise Linux Security Update for mutt (ELSA-2022-8219)
179275 Debian Security Update for mutt (DLA 2999-1)
180860 Debian Security Update for mutt (CVE-2022-1328)
198757 Ubuntu Security Notification for Mutt Vulnerabilities (USN-5392-1)
240831 Red Hat Update for mutt (RHSA-2022:7640)
240897 Red Hat Update for mutt (RHSA-2022:8219)
282814 Fedora Security Update for mutt (FEDORA-2022-f1a8f72bb8)
296082 Oracle Solaris 11.4 Support Repository Update (SRU) 48.126.1 Missing (CPUJUL2022)
354118 Amazon Linux Security Advisory for mutt : ALAS2-2022-1892
356452 Amazon Linux Security Advisory for mutt : ALAS-2023-1865
356981 Amazon Linux Security Advisory for mutt : AL2012-2023-465
502119 Alpine Linux Security Update for mutt
671831 EulerOS Security Update for mutt (EulerOS-SA-2022-1904)
671986 EulerOS Security Update for mutt (EulerOS-SA-2022-2138)
672012 EulerOS Security Update for mutt (EulerOS-SA-2022-2163)
690845 Free Berkeley Software Distribution (FreeBSD) Security Update for mutt (6eb9cf14-bab0-11ec-8f59-4437e6ad11c4)
752074 SUSE Enterprise Linux Security Update for mutt (SUSE-SU-2022:1376-1)
752091 SUSE Enterprise Linux Security Update for mutt (SUSE-SU-2022:1478-1)
901786 Common Base Linux Mariner (CBL-Mariner) Security Update for mutt (9472)
907286 Common Base Linux Mariner (CBL-Mariner) Security Update for mutt (9472-1)
940767 AlmaLinux Security Update for mutt (ALSA-2022:7640)
940808 AlmaLinux Security Update for mutt (ALSA-2022:8219)
960174 Rocky Linux Security Update for mutt (RLSA-2022:7640)
960548 Rocky Linux Security Update for mutt (RLSA-2022:8219)