Main Vulnerability Database Vulnerabilities #VU14143

#VU14143 Command injection in Mutt - CVE-2018-14357

Published: July 31, 2018

Vulnerability identifier: #VU14143

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-14357

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mutt

Software vendor:
Mutt.org

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to command injection. A remote attacker can use IMAP servers to inject and execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.

Remediation

Update to version 1.10.1.

External links

http://www.mutt.org/news.html

#VU14143 Command injection in Mutt - CVE-2018-14357

Description

Remediation

External links

Please verify you're human