MidnightBSD

Advisories for mutt

CVE-1999-0940 HIGH

Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mutt mutt_mail_client *

CVE-1999-0941 HIGH

Mutt mail client allows a remote attacker to execute commands via shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mutt mutt 0.95.6

CVE-2001-0473 HIGH

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 6.1
mutt mutt *
redhat linux 6.0
conectiva linux *
redhat linux 6.1
redhat linux 5.2
immunix immunix 7.0
redhat linux 6.2
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 7.2
immunix immunix 7.0_beta
redhat linux 7.0
mandrakesoft mandrake_linux 7.0
mandrakesoft mandrake_linux 6.0
immunix immunix 6.2

CVE-2002-0001 HIGH

Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mutt mutt *

CVE-2003-0140 HIGH

Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mutt mutt 1.3.17
mutt mutt 1.3.16
mutt mutt 1.3.22
mutt mutt 1.3.12
mutt mutt 1.3.27
mutt mutt 1.3.24
mutt mutt 1.4.0
mutt mutt 1.5.3
mutt mutt 1.3.25

CVE-2003-0167 HIGH

Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mutt mutt 1.3.12.1
mutt mutt 1.3.17
mutt mutt 1.3.28
mutt mutt 1.3.16
mutt mutt 1.3.22
mutt mutt 1.3.12
mutt mutt 1.3.27
mutt mutt 1.3.24
mutt mutt 1.3.25

CVE-2003-0299 HIGH

The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
stuart_parmenter balsa 2.0.10
mutt mutt 1.4.1

CVE-2003-0300 MEDIUM

The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ximian evolution 1.2.4
university_of_washington pine 4.53
mozilla mozilla 1.3
mozilla mozilla 1.4
microsoft outlook_express 6.00.2800.1106
sylpheed sylpheed_email_client 0.8.11
qualcomm eudora 5.2.1
stuart_parmenter balsa 2.0.10
mutt mutt 1.4.1

CVE-2004-0078 HIGH

Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mutt mutt 1.3.17
mutt mutt 1.2.5
mutt mutt 1.2.5.1
mutt mutt 1.2.5.5
mutt mutt 1.3.24
mutt mutt 1.3.25
mutt mutt 1.4.1
mutt mutt 1.3.12.1
mutt mutt 1.3.28
mutt mutt 1.2.1
mutt mutt 1.2.5.12_ol
mutt mutt 1.3.16
mutt mutt 1.3.22
mutt mutt 1.2.5.12
mutt mutt 1.3.12
mutt mutt 1.3.27
mutt mutt 1.2.5.4
mutt mutt 1.4.0

CVE-2005-2642 HIGH

Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mutt mutt 1.5.10

CVE-2006-3242 HIGH

Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mutt mutt 1.4.2.1
mutt mutt 1.4.2

CVE-2011-1429 MEDIUM

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
mutt mutt *

CVE-2014-0467 MEDIUM

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
mutt mutt 1.5.16
opensuse opensuse 12.3
mutt mutt 1.5.19
mutt mutt 1.5.4
mutt mutt 1.5.18
mutt mutt 1.5.11
mutt mutt 1.5.10
mutt mutt 1.5.6
mutt mutt 1.5.14
mutt mutt 1.5.9
mutt mutt 1.5.15
mutt mutt 1.5.12
opensuse opensuse 13.1
mutt mutt 1.5.21
mutt mutt 1.5.5
mutt mutt 1.5.7
mutt mutt 1.5.8
mutt mutt 1.5.13
mutt mutt 1.5.20
mutt mutt *
mutt mutt 1.5
mutt mutt 1.5.3
mutt mutt 1.5.2
mutt mutt 1.5.17
mutt mutt 1.5.1
opensuse opensuse 11.4

CVE-2014-9116 MEDIUM

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
suse suse_linux_enterprise_server 12
debian debian_linux 7.0
suse linux_enterprise_desktop 12
mutt mutt 1.5.23
mageia mageia 4.0

CVE-2018-14349 HIGH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 8.0
mutt mutt *
neomutt neomutt *

CVE-2018-14350 HIGH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
debian debian_linux 8.0
canonical ubuntu_linux 14.04
mutt mutt *
canonical ubuntu_linux 18.04
neomutt neomutt *

CVE-2018-14351 HIGH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 8.0
mutt mutt *
neomutt neomutt *

CVE-2018-14352 HIGH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
debian debian_linux 8.0
canonical ubuntu_linux 14.04
mutt mutt *
canonical ubuntu_linux 18.04
neomutt neomutt *

CVE-2018-14353 HIGH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-191

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 8.0
canonical ubuntu_linux 14.04
mutt mutt *
canonical ubuntu_linux 18.04
neomutt neomutt *

CVE-2018-14354 HIGH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.7
debian debian_linux 8.0
mutt mutt *
redhat enterprise_linux_server_tus 7.7
neomutt neomutt *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.5
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.04
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 7.0

CVE-2018-14355 MEDIUM

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 8.0
mutt mutt *
neomutt neomutt *

CVE-2018-14356 HIGH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-824

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 8.0
mutt mutt *
neomutt neomutt *

CVE-2018-14357 HIGH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.7
debian debian_linux 8.0
mutt mutt *
redhat enterprise_linux_server_tus 7.7
neomutt neomutt *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.5
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.04
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 7.0

CVE-2018-14358 HIGH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 8.0
canonical ubuntu_linux 14.04
mutt mutt *
canonical ubuntu_linux 18.04
neomutt neomutt *

CVE-2018-14359 HIGH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
debian debian_linux 8.0
canonical ubuntu_linux 14.04
mutt mutt *
canonical ubuntu_linux 18.04
neomutt neomutt *

CVE-2018-14362 HIGH

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.7
debian debian_linux 8.0
mutt mutt *
redhat enterprise_linux_server_tus 7.7
neomutt neomutt *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.5
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 7.0

CVE-2020-14093 MEDIUM

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 20.04
debian debian_linux 9.0
opensuse leap 15.2
debian debian_linux 8.0
mutt mutt *
canonical ubuntu_linux 19.10
opensuse leap 15.1
debian debian_linux 10.0
canonical ubuntu_linux 18.04

CVE-2020-14154 MEDIUM

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 20.04
mutt mutt *
canonical ubuntu_linux 19.10
canonical ubuntu_linux 18.04

CVE-2020-14954 MEDIUM

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74

Products Affected

Vendor Product Version
canonical ubuntu_linux 20.04
debian debian_linux 8.0
mutt mutt *
fedoraproject fedora 31
debian debian_linux 10.0
fedoraproject fedora 32
neomutt neomutt *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
debian debian_linux 9.0
opensuse leap 15.2
canonical ubuntu_linux 19.10
opensuse leap 15.1
canonical ubuntu_linux 18.04

CVE-2020-28896 LOW

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-287, CWE-755

Products Affected

Vendor Product Version
debian debian_linux 9.0
mutt mutt *
neomutt neomutt *

CVE-2021-3181 MEDIUM

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401

Products Affected

Vendor Product Version
debian debian_linux 9.0
mutt mutt *
debian debian_linux 10.0
fedoraproject fedora 32
fedoraproject fedora 33

CVE-2021-32055 MEDIUM

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
mutt mutt *
neomutt neomutt *

CVE-2022-1328 MEDIUM

Buffer overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
cve@gitlab.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120

Products Affected

Vendor Product Version
debian debian_linux 9.0
mutt mutt *
fedoraproject fedora 36

CVE-2023-4874

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
cve@gitlab.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
mutt mutt *
debian debian_linux 11.0
debian debian_linux 10.0
debian debian_linux 12.0

CVE-2023-4875

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@gitlab.com 2.2 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L 0.8 1.4
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 2.1 3.6

Products Affected

Vendor Product Version
mutt mutt *
debian debian_linux 11.0
debian debian_linux 10.0
debian debian_linux 12.0

CVE-2024-49393

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
mutt mutt -
neomutt neomutt -

CVE-2024-49394

In mutt and neomutt, the In-Reply-To email header field is not protected by cryptographic signing, which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
mutt mutt -
neomutt neomutt -

CVE-2024-49395

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode, which may leak the Bcc email header field by inferring from the recipients info.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
mutt mutt -
neomutt neomutt -