CVE-2018-14353 - Integer Underflow (Wrap or Wraparound)

Severity

98%

Complexity

39%

Confidentiality

98%

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

CVSS 3.0 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

CVSS 3.1 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Demo Examples

Integer Underflow (Wrap or Wraparound)

CWE-191

The following example subtracts from a 32 bit signed integer.


               
}
return 0;

The example has an integer underflow. The value of i is already at the lowest negative value possible, so after subtracting 1, the new value of i is 2147483647.

Overview

First reported 6 years ago

2018-07-17 17:29:00

Last updated 4 years ago

2020-05-20 01:23:00

Affected Software

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)

16.04

Canonical Ubuntu Linux 18.04 LTS Edition

18.04

Debian Linux 8.0 (Jessie)

8.0

Debian Linux 9.0

9.0

References

http://www.mutt.org/news.html

Release Notes, Vendor Advisory

https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23

Patch, Third Party Advisory

https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d

Patch, Third Party Advisory

[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update

Mailing List, Third Party Advisory

https://neomutt.org/2018/07/16/release

Release Notes, Vendor Advisory

GLSA-201810-07

Third Party Advisory

USN-3719-1

Third Party Advisory

USN-3719-3

Third Party Advisory

DSA-4277

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.