Denial Of Service (DoS)

Mutt is vulnerable to denial of service. An out-of-bounds read in imap/util.c where an IMAP sequence set ends with a comma could result in disclosure of confidential information or an application crash...

CVE-2021-32055

Mutt 1.11.0 through 2.0.x before 2.0.7 and NeoMutt 2019-10-25 through 2021-05-04 has a $imapqresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imapqresync setting for QRESYNC is not enabled by default...