Medium: mutt

🗓️ 06 Dec 2022 00:00:00Reported by AmazonType

Mutt versions before 2.0.4 have multiple security vulnerabilities allowing man-in-the-middle attacks and denial of service. Update to mutt-1.5.21-29.amzn2.0.1 to fix these issues

Reporter	Title	Published	Views	Family All 381
FreeBSD	Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP	16 Jun 202000:00	–	freebsd
FreeBSD	mutt -- denial of service	17 Jan 202100:00	–	freebsd
FreeBSD	IMAP fcc/postpone machine-in-the-middle attack	14 Jun 202000:00	–	freebsd
FreeBSD	mutt -- mutt_decode_uuencoded() can read past the of the input line	4 Apr 202200:00	–	freebsd
FreeBSD	mutt -- authentication credentials being sent over an unencrypted connection	20 Nov 202000:00	–	freebsd
ATTACKERKB	CVE-2022-1328	14 Apr 202221:15	–	attackerkb
Tenable Nessus	Amazon Linux 2 : mutt (ALAS-2022-1892)	7 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : mutt (ALAS-2023-1865)	25 Oct 202300:00	–	nessus
Tenable Nessus	AlmaLinux 8 : mutt (ALSA-2021:4181)	9 Feb 202200:00	–	nessus
Tenable Nessus	AlmaLinux 8 : mutt (ALSA-2022:7640)	12 Nov 202200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	mutt	1.5.21-29.amzn2.0.1	mutt-1.5.21-29.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	mutt	1.5.21-29.amzn2.0.1	mutt-1.5.21-29.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	mutt	1.5.21-29.amzn2.0.1	mutt-1.5.21-29.amzn2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	mutt-debuginfo	1.5.21-29.amzn2.0.1	mutt-debuginfo-1.5.21-29.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	mutt-debuginfo	1.5.21-29.amzn2.0.1	mutt-debuginfo-1.5.21-29.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	mutt-debuginfo	1.5.21-29.amzn2.0.1	mutt-debuginfo-1.5.21-29.amzn2.0.1.x86_64.rpm

06 Dec 2022 00:00Current

6.1Medium risk

Vulners AI Score6.1

CVSS 25.8

CVSS 3.14.3 - 6.5

EPSS0.0479