FreeBSD VuXML: 387BBADE-5D1D-11EB-BF20-4437E6AD11C4
Jan 17, 2021 - 12:00 a.m.

mutt -- denial of service

2021-01-17 00:00:00
vuxml.freebsd.org
tavis ormandy
remote attackers
denial of service
email messages
rfc822 address fields
memory consumption
mailbox unavailability

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS: 0.012
Percentile: 85.5%

Tavis Ormandy reports:

    rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a
    denial of service (mailbox unavailability) by sending email messages
    with sequences of semicolon characters in RFC822 address fields
    (aka terminators of empty groups). A small email message from the
    attacker can cause large memory consumption, and the victim
    may then be unable to see email messages from other persons.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | mutt | < 2.0.5 | UNKNOWN |
