CVE-2022-1328

Published on: Not Yet Published

Last Modified on: 10/14/2022 12:49:00 PM UTC

CVE-2022-1328

Certain versions of Debian Linux from Debian contain the following vulnerability:

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line

CVE-2022-1328 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
Affected Vendor/Software: Mutt - Mutt version >=0.94.13, <2.2.3

CVSS3 Score: 5.3 - MEDIUM

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	LOW	NONE	NONE

CVSS2 Score: 5 - MEDIUM

Access Vector^ⓘ	Access Complexity	Authentication
NETWORK	LOW	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
PARTIAL	NONE	NONE

CVE References

Description	Tags ^ⓘ	Link
[SECURITY] Fedora 36 Update: mutt-2.2.5-1.fc36 - package-announce - Fedora Mailing-Lists	lists.fedoraproject.org text/html	FEDORA FEDORA-2022-f1a8f72bb8
Fix uudecode buffer overflow. (e5ed080c) · Commits · Mutt Project / mutt · GitLab	gitlab.com text/html	MISC gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
[SECURITY] [DLA 2999-1] mutt security update	lists.debian.org text/html	MLIST [debian-lts-announce] 20220510 [SECURITY] [DLA 2999-1] mutt security update
SECURITY: mutt_decode_uuencoded() can read past the of the input line (#404) · Issues · Mutt Project / mutt · GitLab	gitlab.com text/html	MISC gitlab.com/muttmua/mutt/-/issues/404
oss-security - mutt 2.2.3 released - fixes CVE-2022-1328	www.openwall.com text/html	MLIST [oss-security] 20220414 mutt 2.2.3 released - fixes CVE-2022-1328
2022/CVE-2022-1328.json · master · GitLab.org / cves · GitLab	gitlab.com text/html	CONFIRM gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json
Mutt mutt_decode_uuencoded() Memory Disclosure ≈ Packet Storm	packetstormsecurity.com text/html	MISC packetstormsecurity.com/files/167717/Mutt-mutt_decode_uuencoded-Memory-Disclosure.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

160214 Oracle Enterprise Linux Security Update for mutt (ELSA-2022-7640)
160299 Oracle Enterprise Linux Security Update for mutt (ELSA-2022-8219)
179275 Debian Security Update for mutt (DLA 2999-1)
180860 Debian Security Update for mutt (CVE-2022-1328)
198757 Ubuntu Security Notification for Mutt Vulnerabilities (USN-5392-1)
240831 Red Hat Update for mutt (RHSA-2022:7640)
240897 Red Hat Update for mutt (RHSA-2022:8219)
282814 Fedora Security Update for mutt (FEDORA-2022-f1a8f72bb8)
296082 Oracle Solaris 11.4 Support Repository Update (SRU) 48.126.1 Missing (CPUJUL2022)
354118 Amazon Linux Security Advisory for mutt : ALAS2-2022-1892
502119 Alpine Linux Security Update for mutt
671831 EulerOS Security Update for mutt (EulerOS-SA-2022-1904)
671986 EulerOS Security Update for mutt (EulerOS-SA-2022-2138)
672012 EulerOS Security Update for mutt (EulerOS-SA-2022-2163)
690845 Free Berkeley Software Distribution (FreeBSD) Security Update for mutt (6eb9cf14-bab0-11ec-8f59-4437e6ad11c4)
752074 SUSE Enterprise Linux Security Update for mutt (SUSE-SU-2022:1376-1)
752091 SUSE Enterprise Linux Security Update for mutt (SUSE-SU-2022:1478-1)
901786 Common Base Linux Mariner (CBL-Mariner) Security Update for mutt (9472)
940767 AlmaLinux Security Update for mutt (ALSA-2022:7640)
940808 AlmaLinux Security Update for mutt (ALSA-2022:8219)
960174 Rocky Linux Security Update for mutt (RLSA-2022:7640)
960548 Rocky Linux Security Update for mutt (RLSA-2022:8219)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Application	Mutt	Mutt	All	All	All	All

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*:
cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*:

Discovery Credit

Tavis Ormandy

Social Mentions

Source	Title	Posted (UTC)
@OpenBSD_ports	[email protected] modified mail/mutt: update to mutt-2.2.3 This is a bug-fix release, addressing CVE-2022-1328: a buffer overr… twitter.com/i/web/status/1…	2022-04-12 20:55:23
@CVEreport	CVE-2022-1328 : Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allo… twitter.com/i/web/status/1…	2022-04-14 21:13:30
@LinInfoSec	Gitlab - CVE-2022-1328: gitlab.com/muttmua/mutt/-…	2022-04-14 23:00:06
/r/netcve	CVE-2022-1328	2022-04-14 22:38:11