Heap-based Buffer Overflow in Mutt 1.5.23's write_one_header Function

Heap-based Buffer Overflow in Mutt 1.5.23's write_one_header Function

CVE-2014-9116 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

Learn more about our Web Application Penetration Testing UK.