CVE-2022-1328: Fix uudecode buffer overflow. (e5ed080c) · Commits · Mutt Project / mutt · GitLab
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line
Commit e5ed080c authored Apr 05, 2022 by
Fix uudecode buffer overflow.
mutt_decode_uuencoded() used each line’s initial “length character” without any validation. It would happily read past the end of the input line, and with a suitable value even past the length of the input buffer.
As I noted in ticket 404, there are several other changes that could be added to make the parser more robust. However, to avoid accidentally introducing another bug or regression, I’m restricting this patch to simply addressing the overflow.
Thanks to Tavis Ormandy for reporting the issue, along with a sample message demonstrating the problem.
…
…
@@ -404,9 +404,9 @@ static void mutt_decode_uuencoded (STATE *s, LOFF_T len, int istext, iconv_t cd)
pt = tmps;
linelen = decode_byte (*pt);
pt++;
for (c = 0; c < linelen;)
for (c = 0; c < linelen && *pt;)
{
for (l = 2; l <= 6; l += 2)
for (l = 2; l <= 6 && *pt && *(pt + 1); l += 2)
{
out = decode_byte (*pt) << l;
pt++;
…
…
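Review bot: the length character is still consumed by `linelen = decode_byte (*pt); pt++;` before any terminator check, so if `tmps` can be empty at this point, the new `*pt` test in the outer `for` starts one byte past the NUL. Testing `*pt` before the `pt++` would close that gap. The added conditions also make a line shorter than its declared `linelen` end quietly with partial output; comparing `linelen` against the characters actually present on the line and reporting the mismatch would make truncated or malformed input visible instead of silently accepted. Finally, the `*pt` and `*(pt + 1)` checks depend on `tmps` always being NUL-terminated, which deserves a short comment next to the loop.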
mentioned in issue #404 (closed)
mentioned in issue #404
mentioned in commit renatoaguiar/openbsd-ports@24d300b2b9ce07d6e212820528619b6f770fb475
mentioned in commit neomutt/neomutt@ee7cb4e461c1cdf0ac14817b03687d5908b85f84
Related news
An update for mutt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1328: mutt: buffer overflow in uudecoder function
An update for mutt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1328: mutt: buffer overflow in uudecoder function
In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in replies, for example fragments of other messages, passphrases or keys.
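The validation that the description above says was missing can be sketched as a stand-alone line decoder. This is an added example, not Mutt's code or the committed fix (which stops at the NUL terminator rather than rejecting the line); `uu_val` and `uu_decode_line_checked` are hypothetical names and the sample lines are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Standard uuencode mapping: each character carries 6 bits. */
static unsigned char uu_val(char ch) { return (unsigned char)((ch - 32) & 0x3f); }

/* Decode one uuencoded line into out (capacity outcap).
 * Returns bytes written, or -1 when the declared length is not backed
 * by enough characters on the line. Hypothetical helper, not a Mutt API. */
int uu_decode_line_checked(const char *line, unsigned char *out, size_t outcap)
{
    size_t avail = strcspn(line, "\r\n");  /* chars before line end or NUL */
    if (avail == 0)
        return -1;                         /* no length character present */

    size_t declared = uu_val(line[0]);     /* decoded bytes the line claims */
    size_t groups = (declared + 2) / 3;    /* 4 input chars per 3 bytes */
    if (groups * 4 > avail - 1 || declared > outcap)
        return -1;                         /* claim exceeds input or output */

    const char *p = line + 1;
    size_t n = 0;
    for (size_t g = 0; g < groups; g++, p += 4) {
        unsigned char a = uu_val(p[0]), b = uu_val(p[1]);
        unsigned char c = uu_val(p[2]), d = uu_val(p[3]);
        unsigned char tri[3] = {
            (unsigned char)(a << 2 | b >> 4),
            (unsigned char)(b << 4 | c >> 2),
            (unsigned char)(c << 6 | d)
        };
        for (int i = 0; i < 3 && n < declared; i++)
            out[n++] = tri[i];             /* drop padding in last group */
    }
    return (int)n;
}

int main(void)
{
    unsigned char buf[64];
    /* Constructed samples: a well-formed line, then one whose length
     * character ('M' = 45 bytes) claims far more than the line holds. */
    printf("%d\n", uu_decode_line_checked("#0V%T\n", buf, sizeof buf));
    printf("%d\n", uu_decode_line_checked("M0V%T\n", buf, sizeof buf));
    return 0;
}
```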