Mutt
Monthly
Mutt mail client before version 2.3.2 crashes due to a null pointer dereference in the show_sig_summary function when processing GPG signatures, causing denial of service. The vulnerability requires local access and user interaction to trigger (viewing a malicious email with a crafted signature), resulting in application termination with minimal real-world impact. CVSS score of 2.5 reflects low severity; no public exploit or active exploitation confirmed.
Mutt before version 2.3.2 contains an infinite loop in the data_object_to_stream function within crypt-gpgme.c that can be triggered during GPG encryption operations, leading to denial of service. The vulnerability affects remote attackers under high-complexity conditions (requiring specific GPG-encrypted message handling), and is publicly documented via a GitHub commit but has no active exploitation confirmed. The fix changes the loop condition from checking non-zero read results to explicitly checking for positive read values (> 0), preventing infinite iteration when gpgme_data_read returns zero or negative values.
Mutt before 2.3.2 mishandles the IMAP GSS security level due to improper integer casting and insufficient bounds checking, allowing remote attackers to trigger memory corruption and information disclosure via a crafted IMAP server response during GSS-API authentication. The vulnerability requires high attack complexity (malicious IMAP server) but affects all versions prior to 2.3.2.
mutt before version 2.3.2 fails to validate null bytes during URL percent-decoding, allowing remote attackers to inject embedded null characters into decoded URLs, potentially causing information disclosure through truncation of validation checks or bypassing of security filters that rely on string length.
mutt before version 2.3.2 truncates the IMAP CRAM-MD5 authentication hash by one byte due to incorrect use of strfcpy instead of memcpy, potentially allowing attackers to bypass or weaken authentication on IMAP connections through off-by-one string handling errors.
Mutt before 2.3.2 uses an unsafe string copy function (strfcpy) instead of memcpy when handling MD5 digest data in IMAP CRAM authentication, allowing attackers to potentially forge IMAP credentials by triggering buffer manipulation during the authentication handshake. The vulnerability requires manual connection attempt to a malicious IMAP server and affects network IMAP authentication flows, though the low CVSS score (3.7) reflects high attack complexity and integrity impact only.
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.
Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Mutt mail client before version 2.3.2 crashes due to a null pointer dereference in the show_sig_summary function when processing GPG signatures, causing denial of service. The vulnerability requires local access and user interaction to trigger (viewing a malicious email with a crafted signature), resulting in application termination with minimal real-world impact. CVSS score of 2.5 reflects low severity; no public exploit or active exploitation confirmed.
Mutt before version 2.3.2 contains an infinite loop in the data_object_to_stream function within crypt-gpgme.c that can be triggered during GPG encryption operations, leading to denial of service. The vulnerability affects remote attackers under high-complexity conditions (requiring specific GPG-encrypted message handling), and is publicly documented via a GitHub commit but has no active exploitation confirmed. The fix changes the loop condition from checking non-zero read results to explicitly checking for positive read values (> 0), preventing infinite iteration when gpgme_data_read returns zero or negative values.
Mutt before 2.3.2 mishandles the IMAP GSS security level due to improper integer casting and insufficient bounds checking, allowing remote attackers to trigger memory corruption and information disclosure via a crafted IMAP server response during GSS-API authentication. The vulnerability requires high attack complexity (malicious IMAP server) but affects all versions prior to 2.3.2.
mutt before version 2.3.2 fails to validate null bytes during URL percent-decoding, allowing remote attackers to inject embedded null characters into decoded URLs, potentially causing information disclosure through truncation of validation checks or bypassing of security filters that rely on string length.
mutt before version 2.3.2 truncates the IMAP CRAM-MD5 authentication hash by one byte due to incorrect use of strfcpy instead of memcpy, potentially allowing attackers to bypass or weaken authentication on IMAP connections through off-by-one string handling errors.
Mutt before 2.3.2 uses an unsafe string copy function (strfcpy) instead of memcpy when handling MD5 digest data in IMAP CRAM authentication, allowing attackers to potentially forge IMAP credentials by triggering buffer manipulation during the authentication handshake. The vulnerability requires manual connection attempt to a malicious IMAP server and affects network IMAP authentication flows, though the low CVSS score (3.7) reflects high attack complexity and integrity impact only.
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.
Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.