Advisory ROSA-SA-2021-1925

Published: 2021-07-02 17:31:43
Source: ROSA LAB (abf.rosalinux.ru)

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.1 High (Confidence: Low)

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.013 Low (Percentile: 85.3%)

Software: mutt 1.5.21
OS: Cobalt 7.9

CVE-ID: CVE-2018-14349
CVE-Crit: CRITICAL
CVE-DESC: An issue was found in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14350
CVE-Crit: CRITICAL
CVE-DESC: An issue was found in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14351
CVE-Crit: CRITICAL
CVE-DESC: An issue was found in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c does not correctly handle a long literal count size for an IMAP status mailbox.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14352
CVE-Crit: CRITICAL
CVE-DESC: An issue was found in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, causing a stack-based buffer overflow.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14353
CVE-Crit: CRITICAL
CVE-DESC: An issue was found in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14356
CVE-Crit: CRITICAL
CVE-DESC: An issue was found in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not properly handle zero-length UIDs.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14358
CVE-Crit: CRITICAL
CVE-DESC: An issue was found in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-14359
CVE-Crit: CRITICAL
CVE-DESC: An issue was found in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-14093
CVE-Crit: MEDIUM
CVE-DESC: Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-14154
CVE-Crit: MEDIUM
CVE-DESC: Mutt before 1.14.3 proceeds with a connection even if the user rejects an expired intermediate certificate in response to a GnuTLS certificate prompt.
CVE-STATUS: Default
CVE-REV: default

CVE-ID: CVE-2020-14954
CVE-Crit: MEDIUM
CVE-DESC: Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When the server sends a “begin TLS” response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, also known as “response injection”.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-28896
CVE-Crit: MEDIUM
CVE-DESC: Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if the initial IMAP server response was invalid. The connection was not closed properly, and the code could continue to attempt authentication. This could expose authentication credentials on an unencrypted connection, or to a machine-in-the-middle.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2021-3181
CVE-Crit: MEDIUM
CVE-DESC: rfc822.c in Mutt before 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (also known as terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.
CVE-STATUS: default
CVE-REV: Default

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Cobalt | any | noarch | mutt | < 1.5.21 | UNKNOWN |
