Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mutt
(Mutt)Repositories | https://github.com/neomutt/neomutt |
#Vulnerabilities | 42 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-07-17 | CVE-2018-14355 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. | Ubuntu_linux, Debian_linux, Mutt, Neomutt | 5.3 | ||
2018-07-17 | CVE-2018-14353 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow. | Ubuntu_linux, Debian_linux, Mutt, Neomutt | 9.8 | ||
2018-07-17 | CVE-2018-14352 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow. | Ubuntu_linux, Debian_linux, Mutt, Neomutt | 9.8 | ||
2018-07-17 | CVE-2018-14351 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size. | Ubuntu_linux, Debian_linux, Mutt, Neomutt | 9.8 | ||
2018-07-17 | CVE-2018-14350 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field. | Ubuntu_linux, Debian_linux, Mutt, Neomutt | 9.8 | ||
2018-07-17 | CVE-2018-14349 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. | Ubuntu_linux, Debian_linux, Mutt, Neomutt | 9.8 | ||
2014-12-02 | CVE-2014-9116 | The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. | Debian_linux, Mageia, Mutt, Linux_enterprise_desktop, Suse_linux_enterprise_server | N/A | ||
2014-03-14 | CVE-2014-0467 | Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. | Mutt, Opensuse | N/A | ||
2011-03-16 | CVE-2011-1429 | Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. | Mutt | N/A | ||
2009-10-23 | CVE-2009-3765 | mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | Mutt | N/A |