Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
7DescriptionCVE.org
mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.
AnalysisAI
Mutt before version 2.3.2 contains an infinite loop in the data_object_to_stream function within crypt-gpgme.c that can be triggered during GPG encryption operations, leading to denial of service. The vulnerability affects remote attackers under high-complexity conditions (requiring specific GPG-encrypted message handling), and is publicly documented via a GitHub commit but has no active exploitation confirmed. The fix changes the loop condition from checking non-zero read results to explicitly checking for positive read values (> 0), preventing infinite iteration when gpgme_data_read returns zero or negative values.
Technical ContextAI
Mutt is an email client that uses the GPGME (GnuPG Made Easy) library for OpenPGP cryptographic operations. The vulnerable code path is in crypt-gpgme.c, the function responsible for converting GPGME data objects to output streams during encryption/decryption workflows. The root cause is CWE-253 (Incorrect Check of Function Return Value), where the code fails to properly validate the return value of gpgme_data_read(). The original while loop condition (while ((nread = gpgme_data_read(data, buf, sizeof (buf))))) treats any non-zero value-including error returns or zero-length reads-as continuation, causing the loop to never terminate if gpgme_data_read returns 0 or a negative error code. The fix explicitly checks for positive values (> 0), ensuring the loop only continues when data is actually read.
RemediationAI
Upgrade mutt to version 2.3.2 or later, which includes the fix to the loop condition in data_object_to_stream(). The patch is minimal and available in the upstream repository commit fdc04a171777327218a1e78db504926c388b48c4. Most distributions will release patched packages; verify availability via your package manager or download from the Mutt project (https://github.com/muttmua/mutt/releases). As a temporary workaround pending patching, administrators can disable GPG/GPGME support in mutt's configuration by setting appropriate crypt options, though this eliminates encryption functionality. Alternatively, restrict message processing to trusted sources or implement resource limits (timeout/memory) at the mail client process level to mitigate DoS impact if the vulnerability is triggered. The trivial nature of the fix makes delay inadvisable.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, w
Same weakness CWE-253 – Incorrect Check of Function Return Value
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26902