security/vuxml: Add CVE-2022-1328 mail/mutt < 2.2.3

ChangeLog: https://gitlab.com/muttmua/mutt/-/issues/404 PR: 263247 Reported by: dereks@lifeofadishwasher.com
2022-04-13 08:36:41 +02:00 · 2022-04-13 08:36:41 +02:00 · 377603c4bf
commit 377603c4bf
parent 9a4fa9dbd9
1 changed files with 26 additions and 0 deletions
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@ -255,6 +255,32 @@
    </dates>
  </vuln>

+  <vuln vid="6eb9cf14-bab0-11ec-8f59-4437e6ad11c4">
+    <topic>mutt -- mutt_decode_uuencoded() can read past the of the input line</topic>
+    <affects>
+      <package>
+	<name>mutt</name>
+	<range><lt>2.2.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Tavis Ormandy reports:</p>
+	<blockquote cite="https://gitlab.com/muttmua/mutt/-/issues/404">
+	  <p>mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-1328</cvename>
+      <url>https://gitlab.com/muttmua/mutt/-/issues/404</url>
+    </references>
+    <dates>
+      <discovery>2022-04-04</discovery>
+      <entry>2022-04-12</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="b582a85a-ba4a-11ec-8d1e-3065ec8fd3ec">
    <topic>Chromium -- mulitple vulnerabilities</topic>
    <affects>