Bug 1215191 (CVE-2023-4875) - VUL-0: CVE-2023-4875: mutt: null pointer dereference when receiving an email
Status: RESOLVED FIXED
Alias: CVE-2023-4875
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium; Severity: Minor
Target Milestone: ---
Assignee: Dr. Werner Fink
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/377843/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-4875:4.3:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-09-11 06:36 UTC by Gianluca Gabrielli
Modified: 2023-10-13 14:33 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Gianluca Gabrielli 2023-09-11 06:36:47 UTC
For some reason, the rfc2047 base64 decoder ignored illegal
characters, instead of aborting.  This seems innocuous, but in fact
leads to at least three crash-bugs elsewhere in Mutt.

These stem from Mutt, in some cases, passing an entire header
field (name, colon, and body) to the rfc2047 decoder.  (It is
technically incorrect to do so, by the way, but is beyond scope for
these fixes in stable).  Mutt then assumes the result can't be empty
because of a previous check that the header contains at least a colon.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4875
https://bugzilla.redhat.com/show_bug.cgi?id=2238241
https://www.cve.org/CVERecord?id=CVE-2023-4875
https://security-tracker.debian.org/tracker/DSA-5494-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051563
https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch
https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch
https://www.debian.org/security/2023/dsa-5494
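
Added example, not part of the original report and not Mutt's code: a C illustration of the decoder behaviour described above, contrasting a base64 decoder that skips illegal characters with one that aborts on them, together with a caller-side check that treats a failed or empty decode as "no value". The names b64_decode and decoded_nonempty and the sample payloads used with them are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Map one base64 character to its 6-bit value; -1 if outside the alphabet. */
static int b64_val(unsigned char c)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Hypothetical decoder for the payload of a base64 encoded-word.
 * strict == 0: illegal characters are skipped (the behaviour the report describes).
 * strict != 0: the first illegal character aborts the decode.
 * Returns the number of bytes written to out, or -1 on error. */
long b64_decode(const char *in, size_t len, unsigned char *out, size_t cap, int strict)
{
    unsigned long acc = 0;
    int bits = 0;
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '=')
            break;                      /* padding ends the data */
        int v = b64_val(c);
        if (v < 0) {
            if (strict) return -1;      /* reject malformed input */
            continue;                   /* lenient: silently drop it */
        }
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) {
            if (n >= cap) return -1;    /* output buffer too small */
            bits -= 8;
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (long)n;
}

/* Caller-side check: non-empty input does not guarantee non-empty output,
 * so a failed (-1) or empty (0) decode must be handled explicitly. */
int decoded_nonempty(const char *payload, int strict)
{
    unsigned char buf[64];
    return b64_decode(payload, strlen(payload), buf, sizeof buf, strict) > 0;
}
```

With the lenient setting, a constructed payload made up only of illegal characters decodes "successfully" to zero bytes, which is the empty result the description says callers did not expect.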
Comment 1 Gianluca Gabrielli 2023-09-11 06:37:33 UTC
Affected packages:

 - SUSE:SLE-12:Update/mutt
 - SUSE:SLE-15:Update/mutt
 - openSUSE:Factory/mutt

Fixing commit:

 - https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch
Comment 3 OBSbugzilla Bot 2023-09-12 08:45:04 UTC
This is an autogenerated message for OBS integration:
This bug (1215191) was mentioned in
https://build.opensuse.org/request/show/1110464 Factory / mutt
Comment 5 Maintenance Automation 2023-09-20 12:30:41 UTC
SUSE-SU-2023:3702-1: An update that solves two vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1215189, 1215191
CVE References: CVE-2023-4874, CVE-2023-4875
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): mutt-1.10.1-55.30.1
SUSE Linux Enterprise Server 12 SP5 (src): mutt-1.10.1-55.30.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): mutt-1.10.1-55.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Maintenance Automation 2023-09-27 20:31:07 UTC
SUSE-SU-2023:3826-1: An update that solves two vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1215189, 1215191
CVE References: CVE-2023-4874, CVE-2023-4875
Sources used:
openSUSE Leap 15.4 (src): mutt-1.10.1-150000.3.26.1
openSUSE Leap 15.5 (src): mutt-1.10.1-150000.3.26.1
Basesystem Module 15-SP4 (src): mutt-1.10.1-150000.3.26.1
Basesystem Module 15-SP5 (src): mutt-1.10.1-150000.3.26.1
SUSE Manager Proxy 4.2 (src): mutt-1.10.1-150000.3.26.1
SUSE Manager Retail Branch Server 4.2 (src): mutt-1.10.1-150000.3.26.1
SUSE Manager Server 4.2 (src): mutt-1.10.1-150000.3.26.1

Comment 7 OBSbugzilla Bot 2023-09-29 10:35:22 UTC
This is an autogenerated message for OBS integration:
This bug (1215191) was mentioned in
https://build.opensuse.org/request/show/1114300 Factory / mutt
Comment 8 Dr. Werner Fink 2023-09-29 10:52:48 UTC
Fixed