CVE-2014-9116
EPSS 3.5%mutt - security update
發布日:2014/12/2修改日:2026/4/28
描述
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
受影響套件(3)
- Debian/muttfrom 0, < 1.5.23-2
- Debian/muttfrom 0, < 1.5.20-9+squeeze4
- Debian/muttfrom 0, < 1.5.21-6.2+deb7u3