Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mutt
(Mutt)| Repositories | https://github.com/neomutt/neomutt |
| #Vulnerabilities | 42 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-06-27 | CVE-2006-3242 | Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server. | Mutt | N/A | ||
| 2020-06-21 | CVE-2020-14954 | Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." | Ubuntu_linux, Debian_linux, Fedora, Mutt, Neomutt, Leap | 5.9 | ||
| 2021-01-19 | CVE-2021-3181 | rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. | Debian_linux, Fedora, Mutt | 6.5 | ||
| 2023-09-09 | CVE-2023-4874 | Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 | Debian_linux, Mutt | 6.5 | ||
| 2023-09-09 | CVE-2023-4875 | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | Debian_linux, Mutt | 5.7 | ||
| 2020-06-15 | CVE-2020-14154 | Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. | Ubuntu_linux, Mutt | 4.8 | ||
| 2022-04-14 | CVE-2022-1328 | Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line | Debian_linux, Fedora, Mutt | 5.3 | ||
| 2020-06-15 | CVE-2020-14093 | Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. | Ubuntu_linux, Debian_linux, Mutt, Leap | 5.9 |