RSS   Vulnerabilities for 'MUTT'   RSS

2022-04-14
 
CVE-2022-1328

CWE-120
 

 
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line

 
2021-01-19
 
CVE-2021-3181

CWE-400
 

 
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.

 
2020-06-21
 
CVE-2020-14954

CWE-74
 

 
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."

 
2020-06-15
 
CVE-2020-14154

NVD-CWE-Other
 

 
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.

 
 
CVE-2020-14093

CWE-200
 

 
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.

 
2019-11-01
 
CVE-2005-2351

CWE-668
 

 
Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.

 
2018-07-17
 
CVE-2018-14362

CWE-119
 

 
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.

 
 
CVE-2018-14359

CWE-119
 

 
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.

 
 
CVE-2018-14358

CWE-119
 

 
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.

 
 
CVE-2018-14357

CWE-77
 

 
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.

 


Copyright 2024, cxsecurity.com

 

Back to Top