author | Derek Schrock <dereks@lifeofadishwasher.com> | 2022-04-13 06:36:41 +0000 |
---|---|---|
committer | Fernando Apesteguía <fernape@FreeBSD.org> | 2022-04-15 17:06:04 +0000 |
commit | 377603c4bf37e99f05751916266e2456fad689e8 (patch) | |
tree | 130497f9806080b23e4b093cde2adba16e4119c1 | |
parent | 9a4fa9dbd9a7557b0ad7d6462cec95d7b9cabd24 (diff) | |
security/vuxml: Add CVE-2022-1328 mail/mutt < 2.2.3
ChangeLog: https://gitlab.com/muttmua/mutt/-/issues/404
PR: 263247
Reported by: dereks@lifeofadishwasher.com
-rw-r--r-- | security/vuxml/vuln-2022.xml | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 88c3c22640e6..b08e2c2f17aa 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -255,6 +255,32 @@ </dates> </vuln> + <vuln vid="6eb9cf14-bab0-11ec-8f59-4437e6ad11c4"> + <topic>mutt -- mutt_decode_uuencoded() can read past the of the input line</topic> + <affects> + <package> + <name>mutt</name> + <range><lt>2.2.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Tavis Ormandy reports:</p> + <blockquote cite="https://gitlab.com/muttmua/mutt/-/issues/404"> + <p>mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-1328</cvename> + <url>https://gitlab.com/muttmua/mutt/-/issues/404</url> + </references> + <dates> + <discovery>2022-04-04</discovery> + <entry>2022-04-12</entry> + </dates> + </vuln> + <vuln vid="b582a85a-ba4a-11ec-8d1e-3065ec8fd3ec"> <topic>Chromium -- mulitple vulnerabilities</topic> <affects> |
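Review bot: in the added <topic> element, "can read past the of the input line" is missing a word and should read "can read past the end of the input line". The <entry> date of 2022-04-12 also predates both the author date (2022-04-13) and the commit date (2022-04-15) shown for this change; consider setting it to the day the entry actually lands in the tree. The "replys" spelling inside the <blockquote> should stay only if it matches the cited upstream issue text verbatim, since the cite attribute presents it as a direct quote.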