Product:

Mutt

(Mutt)
Repositories https://github.com/neomutt/neomutt
#Vulnerabilities 36
Date ID Summary Products Score Patch
2020-06-21 CVE-2020-14954 Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." Debian_linux, Mutt, Neomutt N/A
2020-06-15 CVE-2020-14154 Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Mutt N/A
2020-06-15 CVE-2020-14093 Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Mutt N/A
2019-11-01 CVE-2005-2351 Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. Debian_linux, Mutt N/A
2009-10-23 CVE-2009-3766 mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Mutt N/A
2018-07-17 CVE-2018-14362 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. Ubuntu_linux, Debian_linux, Mutt, Neomutt, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 9.8
2018-07-17 CVE-2018-14359 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. Ubuntu_linux, Debian_linux, Mutt, Neomutt 9.8
2018-07-17 CVE-2018-14358 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field. Ubuntu_linux, Debian_linux, Mutt, Neomutt 9.8
2018-07-17 CVE-2018-14357 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. Ubuntu_linux, Debian_linux, Mutt, Neomutt, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 9.8
2018-07-17 CVE-2018-14356 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. Ubuntu_linux, Debian_linux, Mutt, Neomutt 9.8