CVE-2018-14349
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-14349
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14349.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-14349
- Downstream
- Related
- Published
- 2018-07-17T17:29:00Z
- Modified
- 2025-09-19T09:24:11.773953Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.
- References
-
- http://www.mutt.org/news.html
- https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1
- https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
- https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html
- https://neomutt.org/2018/07/16/release
- https://security.gentoo.org/glsa/201810-07
- https://usn.ubuntu.com/3719-3/
- https://www.debian.org/security/2018/dsa-4277
- https://security.alpinelinux.org/vuln/CVE-2018-14349
Affected packages
Alpine:v3.5 / mutt
Package
- Name
- mutt
- Purl
- pkg:apk/alpine/mutt?arch=source
Alpine:v3.6 / mutt
Package
- Name
- mutt
- Purl
- pkg:apk/alpine/mutt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.1-r0
Affected versions
1.*
1.4.2.3-r0
1.4.2.3-r1
1.4.2.3-r2
1.4.2.3-r3
1.4.2.3-r4
1.4.2.3-r5
1.5.21-r0
1.5.21-r1
1.5.21-r2
1.5.22-r0
1.5.23-r0
1.5.23-r1
1.5.24-r1
1.5.24-r2
1.5.24-r3
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.7.0-r0
1.7.0-r1
1.7.1-r0
1.7.1-r1
1.7.2-r0
1.7.2-r1
1.8.0-r0
1.8.1-r0
1.8.1-r1
1.8.2-r0
1.8.3-r0
Alpine:v3.7 / mutt
Package
- Name
- mutt
- Purl
- pkg:apk/alpine/mutt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.1-r0
Affected versions
1.*
1.4.2.3-r0
1.4.2.3-r1
1.4.2.3-r2
1.4.2.3-r3
1.4.2.3-r4
1.4.2.3-r5
1.5.21-r0
1.5.21-r1
1.5.21-r2
1.5.22-r0
1.5.23-r0
1.5.23-r1
1.5.24-r1
1.5.24-r2
1.5.24-r3
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.7.0-r0
1.7.0-r1
1.7.1-r0
1.7.1-r1
1.7.2-r0
1.7.2-r1
1.8.0-r0
1.8.1-r0
1.8.1-r1
1.8.2-r0
1.8.3-r0
1.9.0-r0
1.9.1-r0
1.9.1-r1
Alpine:v3.8 / mutt
Package
- Name
- mutt
- Purl
- pkg:apk/alpine/mutt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.1-r0
Affected versions
1.*
1.4.2.3-r0
1.4.2.3-r1
1.4.2.3-r2
1.4.2.3-r3
1.4.2.3-r4
1.4.2.3-r5
1.5.21-r0
1.5.21-r1
1.5.21-r2
1.5.22-r0
1.5.23-r0
1.5.23-r1
1.5.24-r1
1.5.24-r2
1.5.24-r3
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.7.0-r0
1.7.0-r1
1.7.1-r0
1.7.1-r1
1.7.2-r0
1.7.2-r1
1.8.0-r0
1.8.1-r0
1.8.1-r1
1.8.2-r0
1.8.3-r0
1.9.0-r0
1.9.1-r0
1.9.1-r1
1.9.2-r0
1.9.3-r0
1.9.4-r0
1.9.4-r1
1.9.5-r0
1.10.0-r0
Git / github.com/muttmua/mutt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/muttmua/mutt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/neomutt/neomutt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://gitlab.com/muttmua/mutt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
mutt-0-92-10i
mutt-0-92-11i
mutt-0-92-9i
mutt-0-93-unstable
mutt-0-94-10i-rel
mutt-0-94-13-rel
mutt-0-94-14-rel
mutt-0-94-15-rel
mutt-0-94-16i-rel
mutt-0-94-17i-rel
mutt-0-94-18-rel
mutt-0-94-5i-rel
mutt-0-94-6i-rel
mutt-0-94-7i-rel
mutt-0-94-8i-rel
mutt-0-94-9i-p1
mutt-0-94-9i-rel
mutt-0-95-rel
mutt-0-96-1-rel
mutt-0-96-2-slightly-post-release
mutt-0-96-3-rel
mutt-0-96-4-rel
mutt-0-96-5-rel
mutt-0-96-6-rel
mutt-0-96-7-rel
mutt-0-96-8-rel
mutt-0-96-rel
mutt-1-1-1-1-rel
mutt-1-1-1-2-rel
mutt-1-1-1-rel
mutt-1-1-10-rel
mutt-1-1-11-rel
mutt-1-1-12-rel
mutt-1-1-13-rel
mutt-1-1-14-rel
mutt-1-1-2-rel
mutt-1-1-3-rel
mutt-1-1-4-rel
mutt-1-1-5-rel
mutt-1-1-6-rel
mutt-1-1-7-rel
mutt-1-1-8-rel
mutt-1-1-9-rel
mutt-1-1-rel
mutt-1-10-rel
mutt-1-3-1-rel
mutt-1-3-10-rel
mutt-1-3-11-rel
mutt-1-3-12-rel
mutt-1-3-13-rel
mutt-1-3-14-rel
mutt-1-3-15-rel
mutt-1-3-16-rel
mutt-1-3-17-rel
mutt-1-3-18-rel
mutt-1-3-19-rel
mutt-1-3-2-rel
mutt-1-3-20-rel
mutt-1-3-21-rel
mutt-1-3-22-1-rel
mutt-1-3-22-rel
mutt-1-3-23-1-rel
mutt-1-3-23-2-rel
mutt-1-3-23-rel
mutt-1-3-24-rel
mutt-1-3-25-rel
mutt-1-3-26-rel
mutt-1-3-27-rel
mutt-1-3-3-rel
mutt-1-3-4-rel
mutt-1-3-5-rel
mutt-1-3-6-rel
mutt-1-3-7-rel
mutt-1-3-8-rel
mutt-1-3-9-rel
mutt-1-3-rel
mutt-1-5-1-rel
mutt-1-5-10-rel
mutt-1-5-11-rel
mutt-1-5-12-rel
mutt-1-5-13-rel
mutt-1-5-14-rel
mutt-1-5-15-rel
mutt-1-5-16-rel
mutt-1-5-17-rel
mutt-1-5-18-rel
mutt-1-5-19-rel
mutt-1-5-2-rel
mutt-1-5-20-rel
mutt-1-5-21-rel
mutt-1-5-22-rel
mutt-1-5-23-rel
mutt-1-5-24-rel
mutt-1-5-3-rel
mutt-1-5-4-rel
mutt-1-5-5-1-rel
mutt-1-5-5-rel
mutt-1-5-6-rel
mutt-1-5-7-rel
mutt-1-5-8-rel
mutt-1-5-9-rel
mutt-1-6-1-rel
mutt-1-6-2-rel
mutt-1-6-rel
mutt-1-7-1-rel
mutt-1-7-2-rel
mutt-1-7-rel
mutt-1-8-1-rel
mutt-1-8-2-rel
mutt-1-8-3-rel
mutt-1-8-rel
mutt-1-9-1-rel
mutt-1-9-2-rel
mutt-1-9-3-rel
mutt-1-9-4-rel
mutt-1-9-5-rel
mutt-1-9-rel
neomutt-20160822
neomutt-20160827
neomutt-20160910
neomutt-20160916
neomutt-20161002
neomutt-20161003
neomutt-20161014
neomutt-20161028
neomutt-20161104
neomutt-20161126
neomutt-20170113
neomutt-20170128
neomutt-20170206
neomutt-20170225
neomutt-20170306
neomutt-20170414
neomutt-20170421
neomutt-20170428
neomutt-20170526
neomutt-20170602
neomutt-20170609
neomutt-20170707
neomutt-20170714
neomutt-20170907
neomutt-20170912
neomutt-20171006
neomutt-20171013
neomutt-20171027
neomutt-20171208
neomutt-20171215
neomutt-20180223
neomutt-20180323
neomutt-20180512
neomutt-20180622
post-type-punning-patch
pre-type-punning-patch
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2018-14349-05cc9e62",
"signature_type": "Line",
"digest": {
"line_hashes": [
"272267966146282444813381814420337208419",
"122352692869689381757034955568686339190",
"321127338534134449558553336523740259038",
"305289868168230095873101636066645779884"
],
"threshold": 0.9
},
"target": {
"file": "imap/command.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1"
},
{
"id": "CVE-2018-14349-66530b88",
"signature_type": "Function",
"digest": {
"function_hash": "83683944528907744584076064937895352711",
"length": 2273.0
},
"target": {
"file": "imap/command.c",
"function": "cmd_handle_untagged"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://gitlab.com/muttmua/mutt@9347b5c01dc52682cb6be11539d9b7ebceae4416"
},
{
"id": "CVE-2018-14349-893c51f1",
"signature_type": "Function",
"digest": {
"function_hash": "130554663779182842725826925535259806504",
"length": 2152.0
},
"target": {
"file": "imap/command.c",
"function": "cmd_handle_untagged"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1"
},
{
"id": "CVE-2018-14349-bcbab55d",
"signature_type": "Line",
"digest": {
"line_hashes": [
"201758302617927049359434393212304071328",
"162649481194091373558139999812192462305",
"226059709663560185491305086806648557138",
"88408840477752013536356502377232986201"
],
"threshold": 0.9
},
"target": {
"file": "imap/command.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://gitlab.com/muttmua/mutt@9347b5c01dc52682cb6be11539d9b7ebceae4416"
}
]
}