CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4874 – Undefined Behavior for Input to API in Mutt
https://notcve.org/view.php?id=CVE-2023-4874
Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 Eliminación de referencia del puntero nulo al ver un correo electrónico especialmente manipulado en Mutt versiones >1.5.2 y <2.2.12 A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. • http://www.openwall.com/lists/oss-security/2023/09/26/6 https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html https://www.debian.org/security/2023/dsa-5494 https://access.redhat.com/security/cve/CVE-2023-4874 https://bugzilla.redhat.com/show_bug.cgi?id=2238240 • CWE-475: Undefined Behavior for Input to API CWE-476: NULL Pointer Dereference •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4875 – Undefined Behavior for Input to API in Mutt
https://notcve.org/view.php?id=CVE-2023-4875
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 Eliminación de referencia del puntero nulo al redactar a partir de un mensaje de borrador especialmente manipulado en Mutt versiones >1.5.2 y <2.2.12 A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. • http://www.openwall.com/lists/oss-security/2023/09/26/6 https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html https://www.debian.org/security/2023/dsa-5494 https://access.redhat.com/security/cve/CVE-2023-4875 https://bugzilla.redhat.com/show_bug.cgi?id=2238241 • CWE-475: Undefined Behavior for Input to API CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1328 – mutt: buffer overflow in uudecoder function
https://notcve.org/view.php?id=CVE-2022-1328
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line Un Desbordamiento del Búfer en uudecoder en Mutt afectando a todas las versiones a partir de 0.94.13 antes de 2.2.3 permite leer más allá del final de la línea de entrada A flaw was found in mutt. When reading unencoded messages, mutt uses the line length from the untrusted input without any validation. This flaw allows an attacker to craft a malicious message, which leads to an out-of-bounds read, causing data leaks that include fragments of other unrelated messages. In mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in replys, for example fragments of other messages, passphrases or keys. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 https://gitlab.com/muttmua/mutt/-/issues/404 https://access.redhat.com/security/cve/CVE-2022-1328 https://bugzilla.redhat.com/show_bug.cgi?id=2076058 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32055
https://notcve.org/view.php?id=CVE-2021-32055
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default. Mutt versiones 1.11.0 hasta 2.0.x versiones anteriores a 2.0.7 (y NeoMutt versiones del 25-10-2019 hasta 04-05-2021) presenta un problema de $imap_qresync en donde el archivo imap/util.c presenta una lectura fuera de límites en situaciones en las que un ajuste de secuencias IMAP termina con una coma. NOTA: la configuración $ imap_qresync para QRESYNC no está habilitada por defecto • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5 https://security.gentoo.org/glsa/202105-05 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2021-3181 – mutt: Memory leak when parsing rfc822 group addresses
https://notcve.org/view.php?id=CVE-2021-3181
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. El archivo rfc822.c en Mutt versiones hasta 2.0.4, permite a atacantes remotos causar una denegación de servicio (buzón de correo no disponible) mediante el envío de mensajes de correo electrónico con secuencias de caracteres de punto y coma en los campos de dirección RFC822 (también se conoce como terminadores de grupos vacíos). Un pequeño mensaje de correo electrónico del atacante puede causar un gran consumo de memoria y, por lo tanto, es posible que la víctima no pueda ver los mensajes de correo electrónico de otras personas • http://www.openwall.com/lists/oss-security/2021/01/19/10 http://www.openwall.com/lists/oss-security/2021/01/27/3 https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17 https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19 https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14 https://gitlab.com/muttmua/mutt/-/issues/323 https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html https://lists.fedoraproject&# • CWE-401: Missing Release of Memory after Effective Lifetime •