GitLabCVELIST:CVE-2023-4874CVE-2023-4874 Undefined Behavior for Input to API in Mutt
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.6%
Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12
CNA Affected
[
{
"vendor": "Mutt",
"product": "Mutt",
"versions": [
{
"version": "1.5.2",
"status": "affected",
"lessThan": "2.2.12",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]References
www.openwall.com/lists/oss-security/2023/09/26/6
gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch
gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch
lists.debian.org/debian-lts-announce/2023/09/msg00021.html
www.debian.org/security/2023/dsa-5494
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.6%