CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49395 – Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block
https://notcve.org/view.php?id=CVE-2024-49395
12 Nov 2024 — In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. • https://access.redhat.com/security/cve/CVE-2024-49395 • CWE-1230: Exposure of Sensitive Information Through Metadata •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49394 – Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing
https://notcve.org/view.php?id=CVE-2024-49394
12 Nov 2024 — In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. Jeriko One discovered that NeoMutt incorrectly handled certain IMAP and POP3 responses. An attacker could possibly use this issue to cause NeoMutt to crash, resulting in a denial of service, or the execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS. • https://access.redhat.com/security/cve/CVE-2024-49394 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2023-4874 – Undefined Behavior for Input to API in Mutt
https://notcve.org/view.php?id=CVE-2023-4874
09 Sep 2023 — Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 Eliminación de referencia del puntero nulo al ver un correo electrónico especialmente manipulado en Mutt versiones >1.5.2 y <2.2.12 A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. USN-6374-1 fixed vulnerabilities in Mutt. This u... • http://www.openwall.com/lists/oss-security/2023/09/26/6 • CWE-475: Undefined Behavior for Input to API CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4875 – Undefined Behavior for Input to API in Mutt
https://notcve.org/view.php?id=CVE-2023-4875
09 Sep 2023 — Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 Eliminación de referencia del puntero nulo al redactar a partir de un mensaje de borrador especialmente manipulado en Mutt versiones >1.5.2 y <2.2.12 A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. Several NULL po... • http://www.openwall.com/lists/oss-security/2023/09/26/6 • CWE-475: Undefined Behavior for Input to API CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2022-1328 – mutt: buffer overflow in uudecoder function
https://notcve.org/view.php?id=CVE-2022-1328
14 Apr 2022 — Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line Un Desbordamiento del Búfer en uudecoder en Mutt afectando a todas las versiones a partir de 0.94.13 antes de 2.2.3 permite leer más allá del final de la línea de entrada A flaw was found in mutt. When reading unencoded messages, mutt uses the line length from the untrusted input without any validation. This flaw allows an attacker to craft a malicious message, which leads to an ... • https://packetstorm.news/files/id/167717 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32055 – Ubuntu Security Notice USN-7204-1
https://notcve.org/view.php?id=CVE-2021-32055
05 May 2021 — Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default. Mutt versiones 1.11.0 hasta 2.0.x versiones anteriores a 2.0.7 (y NeoMutt versiones del 25-10-2019 hasta 04-05-2021) presenta un problema de $imap_qresync en donde el archivo imap/util.c presenta una lectura fuera de límites ... • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 2%CPEs: 5EXPL: 0CVE-2021-3181 – mutt: Memory leak when parsing rfc822 group addresses
https://notcve.org/view.php?id=CVE-2021-3181
19 Jan 2021 — rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. El archivo rfc822.c en Mutt versiones hasta 2.0.4, permite a atacantes remotos causar una denegación de servicio (buzón de cor... • http://www.openwall.com/lists/oss-security/2021/01/19/10 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-28896 – mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection
https://notcve.org/view.php?id=CVE-2020-28896
23 Nov 2020 — Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle. Mutt versiones anteriores a 2.0.2 y NeoMutt anterior al 20-11-2020 no aseguraron que $ssl_force_tls fuera procesado si la respuesta inicial... • https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06 • CWE-287: Improper Authentication CWE-319: Cleartext Transmission of Sensitive Information CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.9EPSS: 3%CPEs: 14EXPL: 0CVE-2020-14954 – Debian Security Advisory 4708-1
https://notcve.org/view.php?id=CVE-2020-14954
21 Jun 2020 — Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." Mutt versiones anteriores a 1.14.4 y NeoMutt antes del 19-06-2020, presentan un problema de almacenamiento de STARTTLS que afecta a IMAP, SMTP y POP3. Cuando un servidor envía una respuesta "begin TLS", el cliente le... • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-14154 – Gentoo Linux Security Advisory 202007-57
https://notcve.org/view.php?id=CVE-2020-14154
15 Jun 2020 — Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Mutt versiones anteriores a 1.14.3, procede con una conexión incluso si, en respuesta a un aviso de certificado GnuTLS, el usuario rechaza un certificado intermedio expirado It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. It was discovered that Mutt incorrectly handled certa... • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html •