Severity by source
AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
7DescriptionCVE.org
mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.
AnalysisAI
Mutt mail client before version 2.3.2 crashes due to a null pointer dereference in the show_sig_summary function when processing GPG signatures, causing denial of service. The vulnerability requires local access and user interaction to trigger (viewing a malicious email with a crafted signature), resulting in application termination with minimal real-world impact. CVSS score of 2.5 reflects low severity; no public exploit or active exploitation confirmed.
Technical ContextAI
The vulnerability exists in mutt's GPG signature verification code (crypt-gpgme.c), specifically the show_sig_summary function that processes and displays cryptographic signature metadata. The root cause is a missing null pointer check (CWE-476) before dereferencing the key->subkeys structure. When a GPG key object lacks a subkeys field, the code attempts to dereference a null pointer, causing the application to crash. The affected CPE cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:* indicates all mutt versions before 2.3.2 are vulnerable. The fix validates that both the key and key->subkeys pointers are non-null before accessing the expires member.
RemediationAI
Vendor-released patch: mutt 2.3.2. Upgrade mutt to version 2.3.2 or later, which includes the null pointer check fix in crypt-gpgme.c (commit ebfa2969042d89303d15334193fcc32866c8a8df). For users unable to upgrade immediately, a workaround is to disable GPG signature verification features in mutt's configuration (set crypt_verify_sig=no), though this reduces email security guarantees. Distributions maintaining legacy mutt versions should backport the one-line fix (replacing the conditional logic in show_sig_summary) to their packages. See GitHub repository at https://github.com/muttmua/mutt/ for patch details.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vu
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, w
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26904