[v2.7] mutt: heap-based buffer overflow in mutt_substrdup (CVE-2014-9116)
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
References:
http://seclists.org/oss-sec/2014/q4/835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116
CONFIRM: http://dev.mutt.org/trac/ticket/3716
PATCH:
http://dev.mutt.org/trac/attachment/ticket/3716/ticket-3716-stable-revised.patch
(from redmine: issue id 3768, created on 2015-01-27, closed on 2017-09-05)
- Relations:
- parent #3766