CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4874 – Undefined Behavior for Input to API in Mutt
https://notcve.org/view.php?id=CVE-2023-4874
09 Sep 2023 — Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 Eliminación de referencia del puntero nulo al ver un correo electrónico especialmente manipulado en Mutt versiones >1.5.2 y <2.2.12 A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. USN-6374-1 fixed vulnerabilities in Mutt. This u... • http://www.openwall.com/lists/oss-security/2023/09/26/6 • CWE-475: Undefined Behavior for Input to API CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4875 – Undefined Behavior for Input to API in Mutt
https://notcve.org/view.php?id=CVE-2023-4875
09 Sep 2023 — Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 Eliminación de referencia del puntero nulo al redactar a partir de un mensaje de borrador especialmente manipulado en Mutt versiones >1.5.2 y <2.2.12 A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. Several NULL po... • http://www.openwall.com/lists/oss-security/2023/09/26/6 • CWE-475: Undefined Behavior for Input to API CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2022-1328 – mutt: buffer overflow in uudecoder function
https://notcve.org/view.php?id=CVE-2022-1328
14 Apr 2022 — Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line Un Desbordamiento del Búfer en uudecoder en Mutt afectando a todas las versiones a partir de 0.94.13 antes de 2.2.3 permite leer más allá del final de la línea de entrada A flaw was found in mutt. When reading unencoded messages, mutt uses the line length from the untrusted input without any validation. This flaw allows an attacker to craft a malicious message, which leads to an ... • https://packetstorm.news/files/id/167717 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3181 – mutt: Memory leak when parsing rfc822 group addresses
https://notcve.org/view.php?id=CVE-2021-3181
19 Jan 2021 — rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. El archivo rfc822.c en Mutt versiones hasta 2.0.4, permite a atacantes remotos causar una denegación de servicio (buzón de cor... • http://www.openwall.com/lists/oss-security/2021/01/19/10 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-28896 – mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection
https://notcve.org/view.php?id=CVE-2020-28896
23 Nov 2020 — Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle. Mutt versiones anteriores a 2.0.2 y NeoMutt anterior al 20-11-2020 no aseguraron que $ssl_force_tls fuera procesado si la respuesta inicial... • https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06 • CWE-287: Improper Authentication CWE-319: Cleartext Transmission of Sensitive Information CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 0CVE-2020-14954 – Debian Security Advisory 4708-1
https://notcve.org/view.php?id=CVE-2020-14954
21 Jun 2020 — Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." Mutt versiones anteriores a 1.14.4 y NeoMutt antes del 19-06-2020, presentan un problema de almacenamiento de STARTTLS que afecta a IMAP, SMTP y POP3. Cuando un servidor envía una respuesta "begin TLS", el cliente le... • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-14154 – Gentoo Linux Security Advisory 202007-57
https://notcve.org/view.php?id=CVE-2020-14154
15 Jun 2020 — Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Mutt versiones anteriores a 1.14.3, procede con una conexión incluso si, en respuesta a un aviso de certificado GnuTLS, el usuario rechaza un certificado intermedio expirado It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. It was discovered that Mutt incorrectly handled certa... • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html •
CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2020-14093 – Debian Security Advisory 4707-1
https://notcve.org/view.php?id=CVE-2020-14093
15 Jun 2020 — Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Mutt versiones anteriores a 1.14.3, permite un ataque de tipo man-in-the-middle de fcc/postpone de IMAP por medio de una respuesta PREAUTH It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to proceeds with a connection even if... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2005-2351
https://notcve.org/view.php?id=CVE-2005-2351
01 Nov 2019 — Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. Mutt versiones anteriores a 1.5.20, parche 7, permite a un atacante causar una denegación de servicio por medio de una serie de peticiones para archivos temporales de mutt. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-14352 – Ubuntu Security Notice USN-7204-1
https://notcve.org/view.php?id=CVE-2018-14352
17 Jul 2018 — An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. imap_quote_string en imap/util.c no deja espacio para los caracteres de comillas, lo que conduce a un desbordamiento de búfer basado en pila. Jeriko One discovered that NeoMutt incorrectly handle... • http://www.mutt.org/news.html • CWE-787: Out-of-bounds Write •