CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32055 – Ubuntu Security Notice USN-7204-1
https://notcve.org/view.php?id=CVE-2021-32055
05 May 2021 — Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default. Mutt versiones 1.11.0 hasta 2.0.x versiones anteriores a 2.0.7 (y NeoMutt versiones del 25-10-2019 hasta 04-05-2021) presenta un problema de $imap_qresync en donde el archivo imap/util.c presenta una lectura fuera de límites ... • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 3%CPEs: 14EXPL: 0CVE-2020-14954 – Debian Security Advisory 4708-1
https://notcve.org/view.php?id=CVE-2020-14954
21 Jun 2020 — Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." Mutt versiones anteriores a 1.14.4 y NeoMutt antes del 19-06-2020, presentan un problema de almacenamiento de STARTTLS que afecta a IMAP, SMTP y POP3. Cuando un servidor envía una respuesta "begin TLS", el cliente le... • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •