PT-2023-4937 · Mutt +9
Name of the Vulnerable Software and Affected Versions: Mutt versions 1.5.2 through 2.2.12. Description: The issue is related to a null pointer dereference when composing from a specially crafted draft message. This can potentially allow an attacker to cause a denial of service. The vulnerability i...
Mageia: Security Advisory (MGASA-2023-0232)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MGASA-2023-0232 Updated mutt/neomutt packages fix security vulnerability
Out-of-bounds read in imap/util.c when an IMAP sequence set ends with a comma (CVE-2021-32055). Overflow in uudecoder in Mutt allows read past end of input line (CVE-2022-1328)...
Debian: Security Advisory (DLA-100-1)
The remote host is missing an update for the Debian...
SUSE CVE-2004-0078
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages...
SUSE CVE-2006-3242
Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server...
SUSE CVE-2007-1268
Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without...
SUSE CVE-2007-2683
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion...
SUSE CVE-2009-1390
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack...
SUSE CVE-2009-3765
mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...
SUSE CVE-2009-3766
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
SUSE CVE-2011-1429
Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766...
SUSE CVE-2014-0467
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion...
SUSE CVE-2014-9116
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function...
SUSE CVE-2018-14350
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field...
SUSE CVE-2018-14349
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message...
SUSE CVE-2018-14354
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription...
SUSE CVE-2018-14353
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow...
SUSE CVE-2018-14352
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow...