CVE-2022-1328

EUVD-2022-24656
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
GitLabCNA
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
muttmutt
0.94.13 ≤
𝑥
< 2.2.3
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mutt
bookworm
2.2.12-0.1~deb12u1
fixed
bookworm (security)
2.2.9-1+deb12u1
fixed
bullseye
2.0.5-4.1+deb11u3
no-dsa
bullseye (security)
2.0.5-4.1+deb11u3
fixed
buster
no-dsa
sid
2.2.13-1
fixed
trixie
2.2.13-1
fixed
neomutt
bookworm
20220429+dfsg1-4.1
fixed
bullseye
no-dsa
buster
no-dsa
sid
20241002+dfsg-1
fixed
trixie
20241002+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mutt
bionic
Fixed 1.9.4-3ubuntu0.6
released
focal
Fixed 1.13.2-1ubuntu0.5
released
impish
Fixed 2.0.5-4.1ubuntu0.1
released
jammy
Fixed 2.1.4-1ubuntu1.1
released
kinetic
Fixed 2.2.3-2
released
lunar
Fixed 2.2.3-2
released
mantic
Fixed 2.2.3-2
released
noble
Fixed 2.2.3-2
released
trusty
ignored
xenial
Fixed 1.5.24-1ubuntu0.6+esm2
released
neomutt
bionic
needed
focal
needed
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json
https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
https://gitlab.com/muttmua/mutt/-/issues/404
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json
https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
https://gitlab.com/muttmua/mutt/-/issues/404