CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
| | | Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 | 6.5 | Medium |
| | | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | 5.7 | Medium |
| | | Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line | 5.3 | Medium |
| | | Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default. | 9.1 | Critical |
| | | rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. | 6.5 | Medium |
| | | Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. | 5.8 |