vulnerability

FreeBSD: VID-6eb9cf14-bab0-11ec-8f59-4437e6ad11c4 (CVE-2022-1328): mutt -- mutt_decode_uuencoded() can read past the of the input line

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Apr 12, 2022	Nov 4, 2022	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Apr 12, 2022

Added

Nov 4, 2022

Modified

Dec 10, 2025

Description

Tavis Ormandy reports: mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys

Solution

freebsd-upgrade-package-mutt

References

CVE-2022-1328
https://attackerkb.com/topics/CVE-2022-1328
CWE-120

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today