Description
It was discovered that Mutt incorrectly handled certain requests. An
attacker could possibly use this to execute arbitrary code (CVE-2018-14350,
CVE-2018-14352, CVE-2018-14354, CVE-2018-14359, CVE-2018-14358,
CVE-2018-14353 ,CVE-2018-14357).
It was discovered that Mutt incorrectly handled certain inputs. An attacker
could possibly use this to access or expose sensitive information
(CVE-2018-14355, CVE-2018-14356, CVE-2018-14351, CVE-2018-14362,
CVE-2018-14349).
nntp_add_group in newsrc.c has a stack-based buffer overflow because of
incorrect sscanf usage (CVE-2018-14360).
nntp.c proceeds even if memory allocation fails for messages data
(CVE-2018-14361).
newsrc.c does not properlyrestrict '/' characters that may have unsafe
interaction with cache pathnames (CVE-2018-14363).