An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
[ { "id": "CVE-2018-14354-40bfaf37", "deprecated": false, "signature_version": "v1", "signature_type": "Line", "target": { "file": "imap/imap.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "207714131514149770539503581689377572878", "43456414557533690830790091068221388867", "133078401200909009917477633096569575160", "16426923121030229350254084345547734195", "113259863676955082336858121566925197329", "304952015427755973249087225696281356232", "186473608398247688801861743975973835589", "48741560270296553278505195166830611532" ] }, "source": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb" }, { "id": "CVE-2018-14354-a726fb3b", "deprecated": false, "signature_version": "v1", "signature_type": "Function", "target": { "function": "imap_subscribe", "file": "imap/imap.c" }, "digest": { "function_hash": "217481649531714381706721618568270213886", "length": 1416.0 }, "source": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb" } ]
[ { "id": "CVE-2018-14354-0899ff95", "deprecated": false, "signature_version": "v1", "signature_type": "Line", "target": { "file": "imap/command.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "218563899158595001308791628437925633403", "227032016281452034997778241664359416981", "121955452387884587719052491384722837387", "506689728705518440064826266314589397" ] }, "source": "https://gitlab.com/muttmua/mutt@185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "id": "CVE-2018-14354-10a917db", "deprecated": false, "signature_version": "v1", "signature_type": "Line", "target": { "file": "imap/imap_private.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "31952942522484068575409883696072157290", "150718647487976241170236887315804442895", "195246979766333573439280635801526022618", "45908318597331465607108365531724022732" ] }, "source": "https://gitlab.com/muttmua/mutt@185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "id": "CVE-2018-14354-62f6c109", "deprecated": false, "signature_version": "v1", "signature_type": "Line", "target": { "file": "imap/imap.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "38275816934835526550139553849663291777", "84668977590220873947543140367782392958", "272858250823638590734560816738299859458", "197331919126694590783117091847939465809", "51941361508920648674779441686070670670", "194784290279722335795310118604540377499", "212420238482727122243216053129668158301", "1736061709541927672894172239778923985", "97656863909256314289154183120921480207" ] }, "source": "https://gitlab.com/muttmua/mutt@185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "id": "CVE-2018-14354-632ede0e", "deprecated": false, "signature_version": "v1", "signature_type": "Function", "target": { "function": "imap_subscribe", "file": "imap/imap.c" }, "digest": { "function_hash": "42665550993922102829047012000358714254", "length": 1439.0 }, "source": "https://gitlab.com/muttmua/mutt@185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "id": "CVE-2018-14354-a951c6d9", "deprecated": false, "signature_version": "v1", "signature_type": "Function", "target": { "function": "imap_quote_string", "file": "imap/util.c" }, "digest": { "function_hash": "246102907976701583778681406207369390654", "length": 417.0 }, "source": "https://gitlab.com/muttmua/mutt@185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "id": "CVE-2018-14354-cc57081f", "deprecated": false, "signature_version": "v1", "signature_type": "Line", "target": { "file": "imap/util.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "229097236898046633024934805433464608349", "83602381607473313393815366418147480894", "19095377894295592758775701765302495655", "176494269792467988790647947745744230920", "203644126986609072164389678235740350197", "133503302104114886261060629320855893432", "82663813847307772799785084971472340363", "302829093608743047112308803954531093411", "155024479240875832356848830543203950212", "22431226980439760116591360907198255704", "82123232775065497543890611821024729842", "55123122238136819455069850209539057260", "319011740409708478183254388973645564560" ] }, "source": "https://gitlab.com/muttmua/mutt@185152818541f5cdc059cbff3f3e8b654fc27c1d" } ]