CVE-2018-14353
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-14353
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14353.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-14353
- Downstream
- Related
- Published
- 2018-07-17T17:29:00Z
- Modified
- 2025-09-19T09:24:10.115114Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imapquotestring in imap/util.c has an integer underflow.
- References
-
- http://www.mutt.org/news.html
- https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23
- https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
- https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html
- https://neomutt.org/2018/07/16/release
- https://security.gentoo.org/glsa/201810-07
- https://usn.ubuntu.com/3719-1/
- https://usn.ubuntu.com/3719-3/
- https://www.debian.org/security/2018/dsa-4277
- https://security.alpinelinux.org/vuln/CVE-2018-14353
Affected packages
Alpine:v3.5 / mutt
Package
- Name
- mutt
- Purl
- pkg:apk/alpine/mutt?arch=source
Alpine:v3.6 / mutt
Package
- Name
- mutt
- Purl
- pkg:apk/alpine/mutt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.1-r0
Affected versions
1.*
1.4.2.3-r0
1.4.2.3-r1
1.4.2.3-r2
1.4.2.3-r3
1.4.2.3-r4
1.4.2.3-r5
1.5.21-r0
1.5.21-r1
1.5.21-r2
1.5.22-r0
1.5.23-r0
1.5.23-r1
1.5.24-r1
1.5.24-r2
1.5.24-r3
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.7.0-r0
1.7.0-r1
1.7.1-r0
1.7.1-r1
1.7.2-r0
1.7.2-r1
1.8.0-r0
1.8.1-r0
1.8.1-r1
1.8.2-r0
1.8.3-r0
Alpine:v3.7 / mutt
Package
- Name
- mutt
- Purl
- pkg:apk/alpine/mutt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.1-r0
Affected versions
1.*
1.4.2.3-r0
1.4.2.3-r1
1.4.2.3-r2
1.4.2.3-r3
1.4.2.3-r4
1.4.2.3-r5
1.5.21-r0
1.5.21-r1
1.5.21-r2
1.5.22-r0
1.5.23-r0
1.5.23-r1
1.5.24-r1
1.5.24-r2
1.5.24-r3
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.7.0-r0
1.7.0-r1
1.7.1-r0
1.7.1-r1
1.7.2-r0
1.7.2-r1
1.8.0-r0
1.8.1-r0
1.8.1-r1
1.8.2-r0
1.8.3-r0
1.9.0-r0
1.9.1-r0
1.9.1-r1
Alpine:v3.8 / mutt
Package
- Name
- mutt
- Purl
- pkg:apk/alpine/mutt?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.1-r0
Affected versions
1.*
1.4.2.3-r0
1.4.2.3-r1
1.4.2.3-r2
1.4.2.3-r3
1.4.2.3-r4
1.4.2.3-r5
1.5.21-r0
1.5.21-r1
1.5.21-r2
1.5.22-r0
1.5.23-r0
1.5.23-r1
1.5.24-r1
1.5.24-r2
1.5.24-r3
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.7.0-r0
1.7.0-r1
1.7.1-r0
1.7.1-r1
1.7.2-r0
1.7.2-r1
1.8.0-r0
1.8.1-r0
1.8.1-r1
1.8.2-r0
1.8.3-r0
1.9.0-r0
1.9.1-r0
1.9.1-r1
1.9.2-r0
1.9.3-r0
1.9.4-r0
1.9.4-r1
1.9.5-r0
1.10.0-r0
Git / github.com/muttmua/mutt
Affected ranges
- Type
- GIT
- Repo
- https://github.com/muttmua/mutt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/neomutt/neomutt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://gitlab.com/muttmua/mutt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
mutt-0-92-10i
mutt-0-92-11i
mutt-0-92-9i
mutt-0-93-unstable
mutt-0-94-10i-rel
mutt-0-94-13-rel
mutt-0-94-14-rel
mutt-0-94-15-rel
mutt-0-94-16i-rel
mutt-0-94-17i-rel
mutt-0-94-18-rel
mutt-0-94-5i-rel
mutt-0-94-6i-rel
mutt-0-94-7i-rel
mutt-0-94-8i-rel
mutt-0-94-9i-p1
mutt-0-94-9i-rel
mutt-0-95-rel
mutt-0-96-1-rel
mutt-0-96-2-slightly-post-release
mutt-0-96-3-rel
mutt-0-96-4-rel
mutt-0-96-5-rel
mutt-0-96-6-rel
mutt-0-96-7-rel
mutt-0-96-8-rel
mutt-0-96-rel
mutt-1-1-1-1-rel
mutt-1-1-1-2-rel
mutt-1-1-1-rel
mutt-1-1-10-rel
mutt-1-1-11-rel
mutt-1-1-12-rel
mutt-1-1-13-rel
mutt-1-1-14-rel
mutt-1-1-2-rel
mutt-1-1-3-rel
mutt-1-1-4-rel
mutt-1-1-5-rel
mutt-1-1-6-rel
mutt-1-1-7-rel
mutt-1-1-8-rel
mutt-1-1-9-rel
mutt-1-1-rel
mutt-1-10-rel
mutt-1-3-1-rel
mutt-1-3-10-rel
mutt-1-3-11-rel
mutt-1-3-12-rel
mutt-1-3-13-rel
mutt-1-3-14-rel
mutt-1-3-15-rel
mutt-1-3-16-rel
mutt-1-3-17-rel
mutt-1-3-18-rel
mutt-1-3-19-rel
mutt-1-3-2-rel
mutt-1-3-20-rel
mutt-1-3-21-rel
mutt-1-3-22-1-rel
mutt-1-3-22-rel
mutt-1-3-23-1-rel
mutt-1-3-23-2-rel
mutt-1-3-23-rel
mutt-1-3-24-rel
mutt-1-3-25-rel
mutt-1-3-26-rel
mutt-1-3-27-rel
mutt-1-3-3-rel
mutt-1-3-4-rel
mutt-1-3-5-rel
mutt-1-3-6-rel
mutt-1-3-7-rel
mutt-1-3-8-rel
mutt-1-3-9-rel
mutt-1-3-rel
mutt-1-5-1-rel
mutt-1-5-10-rel
mutt-1-5-11-rel
mutt-1-5-12-rel
mutt-1-5-13-rel
mutt-1-5-14-rel
mutt-1-5-15-rel
mutt-1-5-16-rel
mutt-1-5-17-rel
mutt-1-5-18-rel
mutt-1-5-19-rel
mutt-1-5-2-rel
mutt-1-5-20-rel
mutt-1-5-21-rel
mutt-1-5-22-rel
mutt-1-5-23-rel
mutt-1-5-24-rel
mutt-1-5-3-rel
mutt-1-5-4-rel
mutt-1-5-5-1-rel
mutt-1-5-5-rel
mutt-1-5-6-rel
mutt-1-5-7-rel
mutt-1-5-8-rel
mutt-1-5-9-rel
mutt-1-6-1-rel
mutt-1-6-2-rel
mutt-1-6-rel
mutt-1-7-1-rel
mutt-1-7-2-rel
mutt-1-7-rel
mutt-1-8-1-rel
mutt-1-8-2-rel
mutt-1-8-3-rel
mutt-1-8-rel
mutt-1-9-1-rel
mutt-1-9-2-rel
mutt-1-9-3-rel
mutt-1-9-4-rel
mutt-1-9-5-rel
mutt-1-9-rel
neomutt-20160822
neomutt-20160827
neomutt-20160910
neomutt-20160916
neomutt-20161002
neomutt-20161003
neomutt-20161014
neomutt-20161028
neomutt-20161104
neomutt-20161126
neomutt-20170113
neomutt-20170128
neomutt-20170206
neomutt-20170225
neomutt-20170306
neomutt-20170414
neomutt-20170421
neomutt-20170428
neomutt-20170526
neomutt-20170602
neomutt-20170609
neomutt-20170707
neomutt-20170714
neomutt-20170907
neomutt-20170912
neomutt-20171006
neomutt-20171013
neomutt-20171027
neomutt-20171208
neomutt-20171215
neomutt-20180223
neomutt-20180323
neomutt-20180512
neomutt-20180622
post-type-punning-patch
pre-type-punning-patch
Database specific
{
"vanir_signatures": [
{
"source": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23",
"deprecated": false,
"target": {
"file": "imap/util.c",
"function": "imap_quote_string"
},
"signature_version": "v1",
"digest": {
"length": 441.0,
"function_hash": "295083974743524128245739183431886022538"
},
"signature_type": "Function",
"id": "CVE-2018-14353-9045588f"
},
{
"source": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23",
"deprecated": false,
"target": {
"file": "imap/util.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"155024479240875832356848830543203950212",
"161922765533504463388026272355790387971",
"73228443791681758382474922922852998804",
"222731888664080766833588527501041320318",
"170298567194381714156241404269017013499",
"153173161433175437829475666550604780854"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-14353-c722fa3b"
},
{
"source": "https://gitlab.com/muttmua/mutt@e0131852c6059107939893016c8ff56b6e42865d",
"deprecated": false,
"target": {
"file": "imap/util.c",
"function": "_imap_quote_string"
},
"signature_version": "v1",
"digest": {
"length": 410.0,
"function_hash": "40666457325933368291575099386837457356"
},
"signature_type": "Function",
"id": "CVE-2018-14353-d812d2df"
},
{
"source": "https://gitlab.com/muttmua/mutt@e0131852c6059107939893016c8ff56b6e42865d",
"deprecated": false,
"target": {
"file": "imap/util.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"286825986659692381523275984697414304158",
"116272058307513292299683231627710474868",
"51651615816479745004171875861077687511",
"29959305164162731185766895165259995508",
"328072855443475217845821425628390260381",
"267919281465194934696159675631347027828",
"302858303013732373814235239874974723469",
"1059981929047943784357356626914626281",
"187464042198075305097852041642751147938",
"7002288292590039929813425765991714621",
"179605271331145386996960733985749176276",
"162105781547520036600742144204354819781",
"8696559302285177799845044499702199818",
"153173161433175437829475666550604780854"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2018-14353-e50ea7c2"
}
]
}