{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-1328", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "dateUpdated": "2024-08-03T00:03:05.707Z", "dateReserved": "2022-04-12T00:00:00", "datePublished": "2022-04-14T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2022-10-10T00:00:00"}, "descriptions": [{"lang": "en", "value": "Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line"}], "affected": [{"vendor": "Mutt", "product": "Mutt", "versions": [{"version": ">=0.94.13, <2.2.3", "status": "affected"}]}], "references": [{"url": "https://gitlab.com/muttmua/mutt/-/issues/404"}, {"url": "https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json"}], "credits": [{"lang": "en", "value": "Tavis Ormandy"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Improper restriction of operations within the bounds of a memory buffer in Mutt"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:03:05.707Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/muttmua/mutt/-/issues/404", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA4B8DEA-CC64-4144-86B6-F84B772A0428", "versionEndExcluding": "2.2.3", "versionStartIncluding": "0.94.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line"}, {"lang": "es", "value": "Un Desbordamiento del B\u00fafer en uudecoder en Mutt afectando a todas las versiones a partir de 0.94.13 antes de 2.2.3 permite leer m\u00e1s all\u00e1 del final de la l\u00ednea de entrada"}], "id": "CVE-2022-1328", "lastModified": "2024-11-21T06:40:29.933", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-14T21:15:08.543", "references": [{"source": "cve@gitlab.com", "tags": ["Third Party Advisory"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json"}, {"source": "cve@gitlab.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5"}, {"source": "cve@gitlab.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://gitlab.com/muttmua/mutt/-/issues/404"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://gitlab.com/muttmua/mutt/-/issues/404"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:7640", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mutt-5:2.0.7-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:8219", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "mutt-5:2.2.6-1.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}], "bugzilla": {"description": "mutt: buffer overflow in uudecoder function", "id": "2076058", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076058"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-120", "details": ["Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line", "A flaw was found in mutt. When reading unencoded messages, mutt uses the line length from the untrusted input without any validation. This flaw allows an attacker to craft a malicious message, which leads to an out-of-bounds read, causing data leaks that include fragments of other unrelated messages."], "name": "CVE-2022-1328", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "mutt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "mutt", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-04-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-1328\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1328"], "threat_severity": "Moderate"}