Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.

...

mutt security, bug fix, and enhancement update

5:2.0.7-1 - Upgrade to v2.0.7 - New bug fix release - Resolves: 1912614 5:2.0.6-1 - Upgrade to v2.0.6 - Resolves: 1912614...

RHEL 8 : mutt (RHSA-2021:4181)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4181 advisory. Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and...

CentOS 8 : mutt (CESA-2021:4181)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:4181 advisory. - mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection CVE-2020-28896 - mutt:...

mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

mutt: Memory leak when parsing rfc822 group addresses

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon characters in RFC822 address fields aka terminators of empty groups. A small email message from the attacker can cause large memory...

Moderate: Red Hat Security Advisory: mutt security, bug fix, and enhancement update

An update for mutt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

ALSA-2021:4181 Moderate: mutt security, bug fix, and enhancement update

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. The following packages have been upgraded to a later upstream version: mutt 2.0.7. BZ1912614 Securit...

RLSA-2021:4181 Moderate: mutt security, bug fix, and enhancement update

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. The following packages have been upgraded to a later upstream version: mutt 2.0.7. BZ1912614 Securit...

Moderate: mutt security, bug fix, and enhancement update

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. The following packages have been upgraded to a later upstream version: mutt 2.0.7. BZ1912614 Securit...

mutt security, bug fix, and enhancement update

An update is available for mutt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt...

OESA-2021-1399 mutt security update

Mutt is a small but very powerful text-based mail client for Unix operating systems. Security Fixes: Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.CVE-2020-14154...

The vulnerability in the imap/util.c component of the Mutt and NeoMutt email clients arises from reading data beyond the allowed buffer size. This allows an attacker to access confidential data and also cause service interruptions.

The vulnerability in the imap/util.c component of the Mutt and NeoMutt email clients is related to incorrect handling of the IMAP sequence set, which ends with a semicolon. Exploiting this vulnerability can allow an attacker to gain access to confidential data, as well as cause service failures...

Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2021-2409)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : mutt (EulerOS-SA-2021-2409)

According to the version of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of...

OESA-2021-1297 mutt security update

Mutt is a small but very powerful text-based mail client for Unix operating systems. Security Fixes: Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.CVE-2020-14093...

The vulnerability of the mutt email client, related to insufficient protection of registration data, allows attackers to gain access to confidential information.

The vulnerability of the mutt email client is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information...

The vulnerability of the rfc822.c component in the Mutt email client, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the rfc822.c component in the Mutt email client is related to incorrect processing of the comma-separated list of addresses in RFC822 fields. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...

Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2021-2224)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : mutt (EulerOS-SA-2021-2224)

According to the version of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of...