373 matches found
SUSE CVE-2018-14358
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field...
SUSE CVE-2018-14360
An issue was discovered in NeoMutt before 2018-07-16. nntpaddgroup in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage...
SUSE CVE-2018-14363
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames...
SUSE CVE-2018-14362
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character...
SUSE CVE-2018-14361
An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data...
SUSE CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
SUSE CVE-2021-32055
Mutt 1.11.0 through 2.0.x before 2.0.7 and NeoMutt 2019-10-25 through 2021-05-04 has a $imapqresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imapqresync setting for QRESYNC is not enabled by default...
OPENSUSE-SU-2022:10020-1 Security update for neomutt
This update for neomutt fixes the following issues: neomutt was updated to 20220429: Bug Fixes Do not crash on an invalid usethreads/sort combination Fix: stuck browser cursor Resolve move the cursor after Index: fix menu size on new mail Don't overlimit LMDB mmap size OpenBSD y/n translation fix...
Security update for neomutt (moderate)
openSUSE Security Update: Security update for neomutt Announcement ID: openSUSE-SU-2022:10020-1 Rating: moderate References: 1184787 1185705 Cross-References: CVE-2021-32055 CVE-2022-1328 CVSS scores: CVE-2021-32055 NVD : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-32055 SUSE: 5.3...
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.
...
Heap-based Buffer Overflow in neomutt/neomutt
Description When connected through imap/imaps with a server, neomutt is prone to a heap buffer overflow when using the auto completion feature. Proof of Concept Prepare client configuration which connects to 127.0.0.1:14300 cat muttrc imap.txt.b64 EOF...
The vulnerability in the imap/util.c component of the Mutt and NeoMutt email clients arises from reading data beyond the allowed buffer size. This allows an attacker to access confidential data and also cause service interruptions.
The vulnerability in the imap/util.c component of the Mutt and NeoMutt email clients is related to incorrect handling of the IMAP sequence set, which ends with a semicolon. Exploiting this vulnerability can allow an attacker to gain access to confidential data, as well as cause service failures...
Security fix for the ALT Linux 9 package neomutt version 20210205-alt2
20210205-alt2 built July 6, 2021 Vitaly Chikunov in task 277285 July 4, 2021 Vitaly Chikunov - Fix CVE-2021-32055...
Advisory ROSA-SA-2021-1925
Software: mutt 1.5.21 OS: Cobalt 7.9 CVE-ID: CVE-2018-14349 CVE-Crit: CRITICAL CVE-DESC: issue was found in Mutt before 1.10.1 and NeoMutt before 16.07.2018. imap / command.c incorrectly handles NO response without a message. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-14350 CVE-Crit:...
SUSE SLES11 Security Update : mutt (SUSE-SU-2020:14414-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14414-1 advisory. - Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. CVE-2020-14093 - Mutt before 1.14.3 proceeds...
GLSA-202105-05 : Mutt, NeoMutt: Denial of service
The remote host is affected by the vulnerability described in GLSA-202105-05 Mutt, NeoMutt: Denial of service It was discovered that Mutt, and NeoMutt did not properly handle certain situations where an IMAP sequence set ends with a comma. Impact : A remote attacker could entice a user to connect...
Mutt, NeoMutt: Denial of service
Background Mutt is a small but very powerful text-based mail client. NeoMutt is a command line mail reader or MUA. It’s a fork of Mutt with added features. Description It was discovered that Mutt, and NeoMutt did not properly handle certain situations where an IMAP sequence set ends with a comma...
CVE-2021-32055
Mutt 1.11.0 through 2.0.x before 2.0.7 and NeoMutt 2019-10-25 through 2021-05-04 has a $imapqresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imapqresync setting for QRESYNC is not enabled by default...
CVE-2021-32055
Mutt 1.11.0 through 2.0.x before 2.0.7 and NeoMutt 2019-10-25 through 2021-05-04 has a $imapqresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imapqresync setting for QRESYNC is not enabled by default...
DEBIAN-CVE-2021-32055
Mutt 1.11.0 through 2.0.x before 2.0.7 and NeoMutt 2019-10-25 through 2021-05-04 has a $imapqresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imapqresync setting for QRESYNC is not enabled by default...