oss-sec mailing list archives
Re: mutt recipient parsing memory leak
From: Utkarsh Gupta <utkarsh () debian org>
Date: Tue, 19 Jan 2021 21:00:46 +0530
Hi Tavis, On Mon, Jan 18, 2021 at 1:11 AM Tavis Ormandy <taviso () gmail com> wrote:
Hello, I noticed mutt was leaking memory whenever I opened a particular mailbox. I tracked down the problem: Using rfc822 groups without the madatory labels wasn't being parsed properly. https://tools.ietf.org/html/rfc822#section-6.2.6 (A spammer had just put some junk in there, they weren't deliberately using exotic addressing schemes.. haha). It turns out that you can send a small message that leaks a *lot* of memory. A small message can leak GBs of memory, effectively preventing you from opening your mailbox. You would need to use a different mail client to clean up the malformed message before you can use mutt again. I sent this upstream as a DoS, but they don't want to treat it as a security isssue. I though I'd just send a FYI here instead in case anyone wants to backport the patch.
Got CVE-2021-3181 assigned for this! - u
Current thread:
- mutt recipient parsing memory leak Tavis Ormandy (Jan 17)
- Re: mutt recipient parsing memory leak Utkarsh Gupta (Jan 19)