Mutt: Heap-based buffer overflow — GLSA 201701-04

A heap-based buffer overflow in Mutt might allow remote attackers to cause a Denial of Service condition.

Affected Packages

mail-client/mutt on all architectures
Affected versions < 1.5.23-r5
Unaffected versions >= 1.5.23-r5

Background

Mutt is a small but very powerful text-based mail client.

Description

A heap-based buffer overflow was discovered in Mutt’s mutt_substrdup function.

Impact

A remote attacker could cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Mutt users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-client/mutt-1.5.23-r5"
 

References

Release Date
January 01, 2017

Latest Revision
January 01, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries