Skip to main content

Mutt

32 CVEs product

Monthly

CVE-2026-43864 LOW PATCH Monitor

Mutt mail client before version 2.3.2 crashes due to a null pointer dereference in the show_sig_summary function when processing GPG signatures, causing denial of service. The vulnerability requires local access and user interaction to trigger (viewing a malicious email with a crafted signature), resulting in application termination with minimal real-world impact. CVSS score of 2.5 reflects low severity; no public exploit or active exploitation confirmed.

Null Pointer Dereference Denial Of Service Mutt
NVD GitHub VulDB
CVSS 3.1
2.5
EPSS
0.0%
CVE-2026-43863 LOW PATCH Monitor

Mutt before version 2.3.2 contains an infinite loop in the data_object_to_stream function within crypt-gpgme.c that can be triggered during GPG encryption operations, leading to denial of service. The vulnerability affects remote attackers under high-complexity conditions (requiring specific GPG-encrypted message handling), and is publicly documented via a GitHub commit but has no active exploitation confirmed. The fix changes the loop condition from checking non-zero read results to explicitly checking for positive read values (> 0), preventing infinite iteration when gpgme_data_read returns zero or negative values.

Denial Of Service Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43862 LOW PATCH Monitor

Mutt before 2.3.2 mishandles the IMAP GSS security level due to improper integer casting and insufficient bounds checking, allowing remote attackers to trigger memory corruption and information disclosure via a crafted IMAP server response during GSS-API authentication. The vulnerability requires high attack complexity (malicious IMAP server) but affects all versions prior to 2.3.2.

Information Disclosure Memory Corruption Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43861 LOW PATCH Monitor

mutt before version 2.3.2 fails to validate null bytes during URL percent-decoding, allowing remote attackers to inject embedded null characters into decoded URLs, potentially causing information disclosure through truncation of validation checks or bypassing of security filters that rely on string length.

Information Disclosure Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43860 LOW PATCH Monitor

mutt before version 2.3.2 truncates the IMAP CRAM-MD5 authentication hash by one byte due to incorrect use of strfcpy instead of memcpy, potentially allowing attackers to bypass or weaken authentication on IMAP connections through off-by-one string handling errors.

Information Disclosure Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43859 LOW PATCH Monitor

Mutt before 2.3.2 uses an unsafe string copy function (strfcpy) instead of memcpy when handling MD5 digest data in IMAP CRAM authentication, allowing attackers to potentially forge IMAP credentials by triggering buffer manipulation during the authentication handshake. The vulnerability requires manual connection attempt to a malicious IMAP server and affects network IMAP authentication flows, though the low CVSS score (3.7) reflects high attack complexity and integrity impact only.

Information Disclosure Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2024-49395 MEDIUM This Month

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mutt Neomutt Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-49394 MEDIUM This Month

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Mutt Neomutt Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-49393 MEDIUM This Month

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Mutt Neomutt Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-4875 MEDIUM PATCH This Month

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Mutt Debian Linux
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2023-4874 MEDIUM This Month

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mutt Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1328 MEDIUM POC PATCH This Month

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Mutt Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-32055 CRITICAL PATCH Act Now

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Mutt Neomutt
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2021-3181 MEDIUM PATCH This Month

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Mutt Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2020-28896 MEDIUM PATCH This Month

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Mutt Neomutt Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-14954 MEDIUM PATCH This Month

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Code Injection Mutt Debian Linux Neomutt Fedora +2
NVD GitHub
CVSS 3.1
5.9
EPSS
2.3%
CVE-2020-14154 MEDIUM This Month

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mutt Ubuntu Linux
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-14093 MEDIUM PATCH This Month

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Mutt Ubuntu Linux Debian Linux Leap
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2018-14362 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-14359 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Mutt Neomutt Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2018-14358 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt Neomutt Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2018-14357 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2018-14356 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Debian Linux Mutt Neomutt +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2018-14355 MEDIUM PATCH This Month

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Debian Linux Mutt Neomutt Ubuntu Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
3.3%
CVE-2018-14354 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
6.2%
CVE-2018-14353 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Mutt Neomutt Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-14352 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt Neomutt Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2018-14351 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mutt Neomutt Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2018-14350 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt Neomutt Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2018-14349 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Mutt Neomutt Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2014-9116 MEDIUM POC This Month

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Linux Enterprise Desktop Suse Linux Enterprise Server Mutt +2
NVD
CVSS 2.0
5.0
EPSS
3.5%
CVE-2014-0467 MEDIUM This Month

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mutt Opensuse
NVD VulDB
CVSS 2.0
5.0
EPSS
1.8%
EPSS 0% CVSS 2.5
LOW PATCH Monitor

Mutt mail client before version 2.3.2 crashes due to a null pointer dereference in the show_sig_summary function when processing GPG signatures, causing denial of service. The vulnerability requires local access and user interaction to trigger (viewing a malicious email with a crafted signature), resulting in application termination with minimal real-world impact. CVSS score of 2.5 reflects low severity; no public exploit or active exploitation confirmed.

Null Pointer Dereference Denial Of Service Mutt
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Mutt before version 2.3.2 contains an infinite loop in the data_object_to_stream function within crypt-gpgme.c that can be triggered during GPG encryption operations, leading to denial of service. The vulnerability affects remote attackers under high-complexity conditions (requiring specific GPG-encrypted message handling), and is publicly documented via a GitHub commit but has no active exploitation confirmed. The fix changes the loop condition from checking non-zero read results to explicitly checking for positive read values (> 0), preventing infinite iteration when gpgme_data_read returns zero or negative values.

Denial Of Service Mutt
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Mutt before 2.3.2 mishandles the IMAP GSS security level due to improper integer casting and insufficient bounds checking, allowing remote attackers to trigger memory corruption and information disclosure via a crafted IMAP server response during GSS-API authentication. The vulnerability requires high attack complexity (malicious IMAP server) but affects all versions prior to 2.3.2.

Information Disclosure Memory Corruption Mutt
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

mutt before version 2.3.2 fails to validate null bytes during URL percent-decoding, allowing remote attackers to inject embedded null characters into decoded URLs, potentially causing information disclosure through truncation of validation checks or bypassing of security filters that rely on string length.

Information Disclosure Mutt
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

mutt before version 2.3.2 truncates the IMAP CRAM-MD5 authentication hash by one byte due to incorrect use of strfcpy instead of memcpy, potentially allowing attackers to bypass or weaken authentication on IMAP connections through off-by-one string handling errors.

Information Disclosure Mutt
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Mutt before 2.3.2 uses an unsafe string copy function (strfcpy) instead of memcpy when handling MD5 digest data in IMAP CRAM authentication, allowing attackers to potentially forge IMAP credentials by triggering buffer manipulation during the authentication handshake. The vulnerability requires manual connection attempt to a malicious IMAP server and affects network IMAP authentication flows, though the low CVSS score (3.7) reflects high attack complexity and integrity impact only.

Information Disclosure Mutt
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mutt Neomutt +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Mutt +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Mutt +2
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Mutt Debian Linux
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mutt Debian Linux
NVD
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Mutt Debian Linux +1
NVD
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Mutt +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Mutt Debian Linux +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Mutt Neomutt +1
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Code Injection Mutt Debian Linux +4
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM This Month

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mutt Ubuntu Linux
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Mutt Ubuntu Linux +2
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Mutt Neomutt +8
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Mutt Neomutt +2
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt +3
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt +8
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Debian Linux +3
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Debian Linux Mutt +2
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt +8
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Mutt +3
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt +3
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mutt Neomutt +2
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt +3
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Mutt +2
NVD GitHub
EPSS 4% CVSS 5.0
MEDIUM POC This Month

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Linux Enterprise Desktop +4
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mutt +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy