Product:

Mutt

(Mutt)
Repositories https://github.com/neomutt/neomutt
#Vulnerabilities 42
Date Id Summary Products Score Patch Annotated
2018-07-17 CVE-2018-14355 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. Ubuntu_linux, Debian_linux, Mutt, Neomutt 5.3
2018-07-17 CVE-2018-14353 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow. Ubuntu_linux, Debian_linux, Mutt, Neomutt 9.8
2018-07-17 CVE-2018-14352 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow. Ubuntu_linux, Debian_linux, Mutt, Neomutt 9.8
2018-07-17 CVE-2018-14351 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size. Ubuntu_linux, Debian_linux, Mutt, Neomutt 9.8
2018-07-17 CVE-2018-14350 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field. Ubuntu_linux, Debian_linux, Mutt, Neomutt 9.8
2018-07-17 CVE-2018-14349 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. Ubuntu_linux, Debian_linux, Mutt, Neomutt 9.8
2014-12-02 CVE-2014-9116 The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. Debian_linux, Mageia, Mutt, Linux_enterprise_desktop, Suse_linux_enterprise_server N/A
2014-03-14 CVE-2014-0467 Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Mutt, Opensuse N/A
2011-03-16 CVE-2011-1429 Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. Mutt N/A
2009-10-23 CVE-2009-3765 mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Mutt N/A