suse · CVE-2014-9116

Quick triage

Priority: medium Published: 2021-05-30 13:24:31 UTC Updated: 2026-04-18 18:31:59 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2014-9116 severity moderate: SUSE including 23 source package names (mutt, mutt-1.10.1-3.3.4, …), 97 product×package rows across 58 product lines (Image SLES12-SP5-Azure-SAP-BYOS, Image SLES12-SP5-Azure-SAP-On-Demand, … (58 product lines)): Fixed 66, Known Not Affected 31.

Description:

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

cvelogic Threat Intelligence