SUSE CVE-2018-14356

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID...

SUSE CVE-2018-14355

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name...

SUSE CVE-2018-14357

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...

SUSE CVE-2018-14358

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field...

SUSE CVE-2018-14359

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data...

SUSE CVE-2018-14362

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character...

SUSE CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response...

SUSE CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate...

SUSE CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a man-in-the-middle attacker and evaluates it in a TLS context, aka "response injection."...

SUSE CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

SUSE CVE-2021-3181

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon characters in RFC822 address fields aka terminators of empty groups. A small email message from the attacker can cause large memory...

SUSE CVE-2021-32055

Mutt 1.11.0 through 2.0.x before 2.0.7 and NeoMutt 2019-10-25 through 2021-05-04 has a $imapqresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imapqresync setting for QRESYNC is not enabled by default...

SUSE CVE-2022-1328

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line...

CVE-2021-32055 affecting package mutt for versions less than 2.0.5-4

CVE-2021-32055 affecting package mutt for versions less than 2.0.5-4. A patched version of the package is available...

Amazon Linux 2 : mutt (ALAS-2022-1892)

The version of mutt installed on the remote host is prior to 1.5.21-29. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1892 advisory. Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. CVE-2020-14093 Mutt before...

Medium: mutt

Issue Overview: Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. CVE-2020-14093 Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. CVE-2020-14154 Mu...

mutt security update

5:2.2.6-1 - Rebase to upstream version 2.2.6 Resolves: CVE-2022-1328...

Oracle Linux 9 : mutt (ELSA-2022-8219)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-8219 advisory. 5:2.2.6-1 - Rebase to upstream version 2.2.6 Resolves: CVE-2022-1328 Tenable has extracted the preceding description block directly from the Oracle Linux securi...

ROS-20221122-01

Vulnerability of muttdecodeuuencoded function implementation in Mutt mail client is related to operation overflow out of memory buffer boundaries. Exploitation of the vulnerability could allow a remote intruder gain unauthorized access to protected information or cause a denial of service...

AlmaLinux 9 : mutt (ALSA-2022:8219)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:8219 advisory. - Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line CVE-2022-1328 Note that Nessus...