All the vulnerabilities related to Mutt - Mutt
cve-2018-14353
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:21
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.
References
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU |
| https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN |
| https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST |
| https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO |
| http://www.mutt.org/news.html | x_refsource_MISC |
| https://neomutt.org/2018/07/16/release | x_refsource_MISC |
| https://usn.ubuntu.com/3719-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:21:41.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14353", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-1/" }, { "name": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14353", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": "2024-08-05T09:21:41.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-0473
Vulnerability from cvelistv5
Published
2001-09-18 04:00
Modified
2024-08-08 04:21
Summary
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
References
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/5615 | vdb-entry, x_refsource_OSVDB |
| http://www.redhat.com/support/errata/RHSA-2001-029.html | vendor-advisory, x_refsource_REDHAT |
| http://marc.info/?l=bugtraq&m=98473109630421&w=2 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6235 | vdb-entry, x_refsource_XF |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385 | vendor-advisory, x_refsource_CONECTIVA |
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3 | vendor-advisory, x_refsource_MANDRAKE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:21:38.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20010320 Trustix Security Advisory - mutt", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html" }, { "name": "5615", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/5615" }, { "name": "RHSA-2001:029", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html" }, { "name": "20010315 Immunix OS Security update for mutt", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2" }, { "name": "mutt-imap-format-string(6235)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235" }, { "name": "CLA-2001:385", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385" }, { "name": "MDKSA-2001-031", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-09-02T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20010320 Trustix Security Advisory - mutt", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html" }, { "name": "5615", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/5615" }, { "name": "RHSA-2001:029", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html" }, { "name": "20010315 Immunix OS Security update for mutt", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2" }, { "name": "mutt-imap-format-string(6235)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235" }, { "name": "CLA-2001:385", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385" }, { "name": "MDKSA-2001-031", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0473", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20010320 Trustix Security Advisory - mutt", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html" }, { "name": "5615", "refsource": "OSVDB", "url": "http://www.osvdb.org/5615" }, { "name": "RHSA-2001:029", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2001-029.html" }, { "name": "20010315 Immunix OS Security update for mutt", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=98473109630421\u0026w=2" }, { "name": "mutt-imap-format-string(6235)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6235" }, { "name": "CLA-2001:385", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000385" }, { "name": "MDKSA-2001-031", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0473", "datePublished": "2001-09-18T04:00:00", "dateReserved": "2001-05-24T00:00:00", "dateUpdated": "2024-08-08T04:21:38.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3181
Vulnerability from cvelistv5
Published
2021-01-19 14:30
Modified
2024-08-03 16:45
Summary
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:45:51.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/issues/323" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14" }, { "name": "[oss-security] 20210119 Re: mutt recipient parsing memory leak", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/19/10" }, { "name": "[debian-lts-announce] 20210120 [SECURITY] [DLA 2529-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html" }, { "name": "GLSA-202101-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202101-25" }, { "name": "DSA-4838", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4838" }, { "name": "[oss-security] 20210127 glibc iconv crash with ISO-2022-JP-3", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/3" }, { "name": "FEDORA-2021-a4f016c6c8", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2OMLQKAOHPYQA4GI7ZUO6UKCPUHLYO7/" }, { "name": "FEDORA-2021-4205e1fc23", "tags": [ "vendor-advisory", 
"x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXGWXFO77HBCD3VYEIYHHYU33LYWWWNQ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-10T02:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/-/issues/323" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14" }, { "name": "[oss-security] 20210119 Re: mutt recipient parsing memory leak", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/19/10" }, { "name": "[debian-lts-announce] 20210120 [SECURITY] [DLA 2529-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html" }, { "name": "GLSA-202101-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], 
"url": "https://security.gentoo.org/glsa/202101-25" }, { "name": "DSA-4838", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4838" }, { "name": "[oss-security] 20210127 glibc iconv crash with ISO-2022-JP-3", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/3" }, { "name": "FEDORA-2021-a4f016c6c8", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2OMLQKAOHPYQA4GI7ZUO6UKCPUHLYO7/" }, { "name": "FEDORA-2021-4205e1fc23", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXGWXFO77HBCD3VYEIYHHYU33LYWWWNQ/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3181", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/muttmua/mutt/-/issues/323", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/-/issues/323" }, { "name": "https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17" }, { "name": "https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19" }, { "name": "https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14" }, { "name": "[oss-security] 20210119 Re: mutt recipient parsing memory leak", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/01/19/10" }, { "name": "[debian-lts-announce] 20210120 [SECURITY] [DLA 2529-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html" }, { "name": "GLSA-202101-25", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202101-25" }, { "name": "DSA-4838", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4838" }, { "name": "[oss-security] 20210127 glibc iconv crash with ISO-2022-JP-3", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/01/27/3" }, { "name": "FEDORA-2021-a4f016c6c8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2OMLQKAOHPYQA4GI7ZUO6UKCPUHLYO7/" }, { "name": "FEDORA-2021-4205e1fc23", "refsource": "FEDORA", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXGWXFO77HBCD3VYEIYHHYU33LYWWWNQ/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3181", "datePublished": "2021-01-19T14:30:37", "dateReserved": "2021-01-19T00:00:00", "dateUpdated": "2024-08-03T16:45:51.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-0001
Vulnerability from cvelistv5
Published
2002-01-03 05:00
Modified
2024-08-08 02:35
Summary
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
References
| URL | Tags |
|---|---|
| http://online.securityfocus.com/advisories/3778 | vendor-advisory, x_refsource_HP |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc | vendor-advisory, x_refsource_FREEBSD |
| http://www.debian.org/security/2002/dsa-096 | vendor-advisory, x_refsource_DEBIAN |
| http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html | x_refsource_CONFIRM |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449 | vendor-advisory, x_refsource_CONECTIVA |
| http://www.iss.net/security_center/static/7759.php | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/3774 | vdb-entry, x_refsource_BID |
| ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt | vendor-advisory, x_refsource_CALDERA |
| http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html | vendor-advisory, x_refsource_SUSE |
| http://marc.info/?l=bugtraq&m=100994648918287&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2002-003.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:35:17.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBTL0201-011", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://online.securityfocus.com/advisories/3778" }, { "name": "FreeBSD-SA-02:04", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc" }, { "name": "DSA-096", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-096" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html" }, { "name": "CLA-2002:449", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000449" }, { "name": "mutt-address-handling-bo(7759)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/7759.php" }, { "name": "3774", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3774" }, { "name": "CSSA-2002-002.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt" }, { "name": "SuSE-SA:2002:001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html" }, { "name": "20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=100994648918287\u0026w=2" }, { "name": "RHSA-2002:003", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2002-003.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-01-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "HPSBTL0201-011", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://online.securityfocus.com/advisories/3778" }, { "name": "FreeBSD-SA-02:04", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc" }, { "name": "DSA-096", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-096" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html" }, { "name": "CLA-2002:449", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000449" }, { "name": "mutt-address-handling-bo(7759)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/7759.php" }, { "name": "3774", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3774" }, { "name": "CSSA-2002-002.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt" }, { "name": "SuSE-SA:2002:001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html" }, { "name": "20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=100994648918287\u0026w=2" }, { "name": "RHSA-2002:003", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0001", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBTL0201-011", "refsource": "HP", "url": "http://online.securityfocus.com/advisories/3778" }, { "name": "FreeBSD-SA-02:04", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc" }, { "name": "DSA-096", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-096" }, { "name": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html", "refsource": "CONFIRM", "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html" }, { "name": "CLA-2002:449", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000449" }, { "name": "mutt-address-handling-bo(7759)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7759.php" }, { "name": "3774", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3774" }, { "name": "CSSA-2002-002.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt" }, { "name": "SuSE-SA:2002:001", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html" }, { "name": "20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=100994648918287\u0026w=2" }, { "name": "RHSA-2002:003", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0001", "datePublished": "2002-01-03T05:00:00", "dateReserved": "2002-01-01T00:00:00", "dateUpdated": "2024-08-08T02:35:17.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14352
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:21
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.
References
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU |
| https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN |
| https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d | x_refsource_MISC |
| https://usn.ubuntu.com/3719-2/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST |
| https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO |
| https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4 | x_refsource_MISC |
| http://www.mutt.org/news.html | x_refsource_MISC |
| https://neomutt.org/2018/07/16/release | x_refsource_MISC |
| https://usn.ubuntu.com/3719-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:21:41.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d" }, { "name": "USN-3719-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. 
imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d" }, { "name": "USN-3719-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14352", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d" }, { "name": "USN-3719-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14352", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": 
"2024-08-05T09:21:41.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3766
Vulnerability from cvelistv5
Published
2009-10-23 19:00
Modified
2024-08-07 06:38
Summary
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2009/10/26/1 | mailing-list, x_refsource_MLIST |
| http://dev.mutt.org/trac/ticket/3087 | x_refsource_CONFIRM |
| http://marc.info/?l=oss-security&m=125198917018936&w=2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:38:30.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20091026 Re: More CVE-2009-2408 like issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/10/26/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.mutt.org/trac/ticket/3087" }, { "name": "[oss-security] 20090903 More CVE-2009-2408 like issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-11-11T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20091026 Re: More CVE-2009-2408 like issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/10/26/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.mutt.org/trac/ticket/3087" }, { "name": "[oss-security] 20090903 More CVE-2009-2408 like issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3766", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20091026 Re: More CVE-2009-2408 like issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/10/26/1" }, { "name": "http://dev.mutt.org/trac/ticket/3087", "refsource": "CONFIRM", "url": "http://dev.mutt.org/trac/ticket/3087" }, { "name": "[oss-security] 20090903 More CVE-2009-2408 like issues", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3766", "datePublished": "2009-10-23T19:00:00", "dateReserved": "2009-10-23T00:00:00", "dateUpdated": "2024-08-07T06:38:30.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5298
Vulnerability from cvelistv5
Published
2006-10-16 19:00
Modified
2024-08-07 19:48
Summary
The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=mutt-dev&m=115999486426292&w=2 | mailing-list, x_refsource_MLIST |
| http://www.trustix.org/errata/2006/0061/ | vendor-advisory, x_refsource_TRUSTIX |
| http://secunia.com/advisories/22640 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/22613 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/22685 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/22686 | third-party-advisory, x_refsource_SECUNIA |
| http://www.ubuntu.com/usn/usn-373-1 | vendor-advisory, x_refsource_UBUNTU |
| http://www.mandriva.com/security/advisories?name=MDKSA-2006:190 | vendor-advisory, x_refsource_MANDRIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:48:28.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2" }, { "name": "2006-0061", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2006/0061/" }, { "name": "22640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22640" }, { "name": "22613", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22613" }, { "name": "22685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22685" }, { "name": "22686", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22686" }, { "name": "USN-373-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-373-1" }, { "name": "MDKSA-2006:190", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function 
calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2" }, { "name": "2006-0061", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2006/0061/" }, { "name": "22640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22640" }, { "name": "22613", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22613" }, { "name": "22685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22685" }, { "name": "22686", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22686" }, { "name": "USN-373-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-373-1" }, { "name": "MDKSA-2006:190", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5298", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted 
permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]", "refsource": "MLIST", "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2" }, { "name": "2006-0061", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2006/0061/" }, { "name": "22640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22640" }, { "name": "22613", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22613" }, { "name": "22685", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22685" }, { "name": "22686", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22686" }, { "name": "USN-373-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-373-1" }, { "name": "MDKSA-2006:190", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5298", "datePublished": "2006-10-16T19:00:00", "dateReserved": "2006-10-16T00:00:00", "dateUpdated": "2024-08-07T19:48:28.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5297
Vulnerability from cvelistv5
Published
2006-10-16 19:00
Modified
2024-08-07 19:48
Summary
Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:48:29.473Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25529", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25529" }, { "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2" }, { "name": "20733", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20733" }, { "name": "oval:org.mitre.oval:def:10601", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601" }, { "name": "2006-0061", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2006/0061/" }, { "name": "22640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22640" }, { "name": "22613", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22613" }, { "name": "22685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22685" }, { "name": "22686", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22686" }, { "name": "USN-373-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-373-1" }, { "name": "RHSA-2007:0386", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html" }, { "name": "ADV-2006-4176", "tags": [ "vdb-entry", 
"x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4176" }, { "name": "MDKSA-2006:190", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25529", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25529" }, { "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2" }, { "name": "20733", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20733" }, { "name": "oval:org.mitre.oval:def:10601", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601" }, { "name": "2006-0061", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2006/0061/" }, { "name": "22640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22640" }, { "name": "22613", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22613" }, { "name": "22685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22685" }, { "name": "22686", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22686" }, { "name": "USN-373-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-373-1" }, { "name": "RHSA-2007:0386", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html" }, { "name": "ADV-2006-4176", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4176" }, { "name": "MDKSA-2006:190", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5297", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25529", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25529" }, { "name": "[mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]", "refsource": "MLIST", "url": "http://marc.info/?l=mutt-dev\u0026m=115999486426292\u0026w=2" }, { "name": "20733", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20733" }, { "name": "oval:org.mitre.oval:def:10601", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10601" }, { "name": "2006-0061", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2006/0061/" }, { "name": "22640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22640" }, { "name": "22613", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22613" }, { "name": "22685", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22685" }, { "name": "22686", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22686" }, { "name": "USN-373-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-373-1" }, { "name": "RHSA-2007:0386", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html" }, { "name": "ADV-2006-4176", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4176" }, { "name": "MDKSA-2006:190", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:190" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5297", "datePublished": "2006-10-16T19:00:00", "dateReserved": "2006-10-16T00:00:00", "dateUpdated": "2024-08-07T19:48:29.473Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1268
Vulnerability from cvelistv5
Published
2007-03-06 20:00
Modified
2024-08-07 12:50
Summary
Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
References
| URL | Tags |
|---|---|
| http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/24415 | third-party-advisory, x_refsource_SECUNIA |
| http://securityreason.com/securityalert/2353 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/461958/30/7710/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.coresecurity.com/?action=item&id=1687 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/461958/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/22778 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id?1017727 | vdb-entry, x_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2007/0835 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:35.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html" }, { "name": "24415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24415" }, { "name": "2353", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2353" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/?action=item\u0026id=1687" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded" }, { "name": "22778", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22778" }, { "name": "1017727", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017727" }, { "name": "ADV-2007-0835", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0835" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Mutt 1.5.13 and 
earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html" }, { "name": "24415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24415" }, { "name": "2353", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2353" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/?action=item\u0026id=1687" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded" }, { "name": "22778", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22778" }, { "name": "1017727", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017727" }, { "name": "ADV-2007-0835", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0835" } ], "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1268", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME", "refsource": "MLIST", "url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html" }, { "name": "24415", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24415" }, { "name": "2353", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2353" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded" }, { "name": "http://www.coresecurity.com/?action=item\u0026id=1687", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item\u0026id=1687" }, { "name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded" }, { "name": "22778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22778" }, { "name": "1017727", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017727" }, { "name": 
"ADV-2007-0835", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0835" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1268", "datePublished": "2007-03-06T20:00:00", "dateReserved": "2007-03-04T00:00:00", "dateUpdated": "2024-08-07T12:50:35.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14154
Vulnerability from cvelistv5
Published
2020-06-15 16:51
Modified
2024-08-04 12:39
Summary
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
References
| URL | Tags |
|---|---|
| http://www.mutt.org | x_refsource_MISC |
| http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html | x_refsource_MISC |
| https://bugs.gentoo.org/728300 | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html | vendor-advisory, x_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html | vendor-advisory, x_refsource_SUSE |
| https://usn.ubuntu.com/4401-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://security.gentoo.org/glsa/202007-57 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:39:36.045Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.gentoo.org/728300" }, { "name": "openSUSE-SU-2020:0903", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html" }, { "name": "openSUSE-SU-2020:0915", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html" }, { "name": "USN-4401-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4401-1/" }, { "name": "GLSA-202007-57", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-57" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-28T21:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.gentoo.org/728300" }, { "name": "openSUSE-SU-2020:0903", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html" }, { "name": "openSUSE-SU-2020:0915", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html" }, { "name": "USN-4401-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4401-1/" }, { "name": "GLSA-202007-57", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-57" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.mutt.org", "refsource": "MISC", "url": "http://www.mutt.org" }, { "name": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html", "refsource": "MISC", "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html" }, { "name": "https://bugs.gentoo.org/728300", "refsource": "MISC", "url": "https://bugs.gentoo.org/728300" }, { "name": "openSUSE-SU-2020:0903", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html" }, { "name": "openSUSE-SU-2020:0915", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html" }, { "name": "USN-4401-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4401-1/" }, { "name": "GLSA-202007-57", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-57" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14154", "datePublished": "2020-06-15T16:51:17", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:39:36.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49393
Vulnerability from cvelistv5
Published
2024-11-12 01:55
Modified
2024-11-15 21:17
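Severity: HIGH (CVSS 3.1 base score 7.4, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), as given in the CNA metrics of the record below; the same record carries a Red Hat severity rating of Moderate.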
EPSS score ?
Summary
Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-49393 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2325317 | issue-tracking, x_refsource_REDHAT |
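Impacted products (default status as listed in the record's "affected" entries below):
- mutt, upstream (https://gitlab.com/muttmua/mutt): affected
- Red Hat Enterprise Linux 7, package mutt: unknown
- Red Hat Enterprise Linux 8, package mutt: affected
- Red Hat Enterprise Linux 9, package mutt: affected
The description names neomutt as well, but the record lists no separate "affected" entry for it.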
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49393", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T14:25:28.066562Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T14:25:48.550Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/muttmua/mutt", "defaultStatus": "affected", "packageName": "mutt" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "mutt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "mutt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "mutt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2024-11-11T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality." 
} ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T21:17:04.154Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-49393" }, { "name": "RHBZ#2325317", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325317" } ], "timeline": [ { "lang": "en", "time": "2024-11-11T19:41:40.191000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-11-11T00:00:00+00:00", "value": "Made public." } ], "title": "Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing", "x_redhatCweChain": "CWE-347: Improper Verification of Cryptographic Signature" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-49393", "datePublished": "2024-11-12T01:55:40.765Z", "dateReserved": "2024-10-14T17:56:03.767Z", "dateUpdated": "2024-11-15T21:17:04.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3242
Vulnerability from cvelistv5
Published
2006-06-27 10:00
Modified
2024-08-07 18:23
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:23:20.786Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21220" }, { "name": "GLSA-200606-27", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-27.xml" }, { "name": "20895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20895" }, { "name": "21039", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21039" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git%3Ba=commit%3Bh=dc0272b749f0e2b102973b7ac43dbd3908507540" }, { "name": "RHSA-2006:0577", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0577.html" }, { "name": "oval:org.mitre.oval:def:10826", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10826" }, { "name": "20887", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20887" }, { "name": "ADV-2006-2522", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2522" }, { "name": "20810", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20810" }, { "name": "MDKSA-2006:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:115" }, { "name": "USN-307-1", "tags": [ 
"vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/307-1/" }, { "name": "2006-0038", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2006/0038" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/imap/browse.c?r1=1.34.2.2\u0026r2=1.34.2.3" }, { "name": "20854", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20854" }, { "name": "21135", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21135" }, { "name": "SSA:2006-207-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.472221" }, { "name": "18642", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18642" }, { "name": "OpenPKG-SA-2006.013", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.013-mutt.html" }, { "name": "mutt-imap-namespace-bo(27428)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27428" }, { "name": "DSA-1108", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1108" }, { "name": "SUSE-SR:2006:016", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html" }, { "name": "20836", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20836" }, { "name": "20060701-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": 
"ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" }, { "name": "1016482", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016482" }, { "name": "20960", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20960" }, { "name": "20060629 rPSA-2006-0116-1 mutt", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438712/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-471" }, { "name": "21124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21124" }, { "name": "20879", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20879" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21220", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21220" }, { "name": "GLSA-200606-27", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-27.xml" }, { "name": "20895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20895" }, { "name": "21039", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21039" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git%3Ba=commit%3Bh=dc0272b749f0e2b102973b7ac43dbd3908507540" }, { "name": "RHSA-2006:0577", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0577.html" }, { "name": "oval:org.mitre.oval:def:10826", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10826" }, { "name": "20887", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20887" }, { "name": "ADV-2006-2522", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2522" }, { "name": "20810", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20810" }, { "name": "MDKSA-2006:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:115" }, { "name": "USN-307-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/307-1/" }, { "name": "2006-0038", "tags": [ 
"vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2006/0038" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/imap/browse.c?r1=1.34.2.2\u0026r2=1.34.2.3" }, { "name": "20854", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20854" }, { "name": "21135", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21135" }, { "name": "SSA:2006-207-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.472221" }, { "name": "18642", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18642" }, { "name": "OpenPKG-SA-2006.013", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.013-mutt.html" }, { "name": "mutt-imap-namespace-bo(27428)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27428" }, { "name": "DSA-1108", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1108" }, { "name": "SUSE-SR:2006:016", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html" }, { "name": "20836", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20836" }, { "name": "20060701-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" }, { "name": "1016482", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016482" }, { "name": "20960", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20960" }, { "name": "20060629 rPSA-2006-0116-1 mutt", 
"tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/438712/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-471" }, { "name": "21124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21124" }, { "name": "20879", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20879" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3242", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21220", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21220" }, { "name": "GLSA-200606-27", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-27.xml" }, { "name": "20895", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20895" }, { "name": "21039", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21039" }, { "name": "http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540", "refsource": "CONFIRM", "url": "http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540" }, { "name": "RHSA-2006:0577", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0577.html" }, { "name": "oval:org.mitre.oval:def:10826", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10826" }, { "name": "20887", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20887" }, { "name": "ADV-2006-2522", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2522" }, { "name": "20810", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20810" }, { "name": "MDKSA-2006:115", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:115" }, { "name": "USN-307-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/307-1/" }, { "name": "2006-0038", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2006/0038" }, { "name": "http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/imap/browse.c?r1=1.34.2.2\u0026r2=1.34.2.3", "refsource": "CONFIRM", "url": "http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/imap/browse.c?r1=1.34.2.2\u0026r2=1.34.2.3" }, { "name": "20854", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/20854" }, { "name": "21135", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21135" }, { "name": "SSA:2006-207-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.472221" }, { "name": "18642", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18642" }, { "name": "OpenPKG-SA-2006.013", "refsource": "OPENPKG", "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.013-mutt.html" }, { "name": "mutt-imap-namespace-bo(27428)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27428" }, { "name": "DSA-1108", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1108" }, { "name": "SUSE-SR:2006:016", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html" }, { "name": "20836", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20836" }, { "name": "20060701-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U" }, { "name": "1016482", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016482" }, { "name": "20960", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20960" }, { "name": "20060629 rPSA-2006-0116-1 mutt", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438712/100/0/threaded" }, { "name": "https://issues.rpath.com/browse/RPL-471", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-471" }, { "name": "21124", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21124" }, { "name": "20879", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20879" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3242", "datePublished": "2006-06-27T10:00:00", "dateReserved": "2006-06-26T00:00:00", "dateUpdated": 
"2024-08-07T18:23:20.786Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0299
Vulnerability from cvelistv5
Published
2003-05-15 04:00
Modified
2024-08-08 01:50
Severity ?
EPSS score ?
Summary
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=105294024124163&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:50:47.111Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030514 Buffer overflows in multiple IMAP clients", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030514 Buffer overflows in multiple IMAP clients", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0299", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause 
either integer signedness errors or integer overflow errors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030514 Buffer overflows in multiple IMAP clients", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0299", "datePublished": "2003-05-15T04:00:00", "dateReserved": "2003-05-14T00:00:00", "dateUpdated": "2024-08-08T01:50:47.111Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14354
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Severity ?
EPSS score ?
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:2526 | vendor-advisory, x_refsource_REDHAT | |
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d | x_refsource_MISC | |
https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb | x_refsource_MISC | |
https://usn.ubuntu.com/3719-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/104925 | vdb-entry, x_refsource_BID | |
http://www.mutt.org/news.html | x_refsource_MISC | |
https://neomutt.org/2018/07/16/release | x_refsource_MISC | |
https://usn.ubuntu.com/3719-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:29:50.150Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:2526", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb" }, { "name": "USN-3719-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "104925", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104925" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": 
"n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2018:2526", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb" }, { "name": "USN-3719-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "104925", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104925" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ 
"x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14354", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:2526", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "name": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb" }, { "name": "USN-3719-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": 
"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "104925", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104925" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14354", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": "2024-08-05T09:29:50.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49395
Vulnerability from cvelistv5
Published
2024-11-12 02:08
Modified
2024-11-15 21:17
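Severity: 5.3 MEDIUM (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, from the CNA record below); Red Hat severity rating: Low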
EPSS score ?
Summary
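Mutt: neomutt: Bcc email header field is indirectly leaked by cryptographic info block (PGP encryption does not use the --hidden-recipient mode, so the Bcc field may be inferred from the recipients info)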
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-49395 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2325332 | issue-tracking, x_refsource_REDHAT |
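Impacted products (from the "affected" list in the record below): mutt upstream (default status: affected); mutt package on Red Hat Enterprise Linux 8 and 9 (affected); mutt package on Red Hat Enterprise Linux 7 (status: unknown)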
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49395", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T14:24:06.690435Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T14:24:21.209Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/muttmua/mutt", "defaultStatus": "affected", "packageName": "mutt" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "mutt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "mutt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "mutt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2024-11-11T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info." 
} ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1230", "description": "Exposure of Sensitive Information Through Metadata", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T21:17:52.068Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-49395" }, { "name": "RHBZ#2325332", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325332" } ], "timeline": [ { "lang": "en", "time": "2024-11-11T21:24:01.125000+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-11-11T00:00:00+00:00", "value": "Made public." } ], "title": "Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block", "x_redhatCweChain": "CWE-1230: Exposure of Sensitive Information Through Metadata" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-49395", "datePublished": "2024-11-12T02:08:03.548Z", "dateReserved": "2024-10-14T17:56:03.767Z", "dateUpdated": "2024-11-15T21:17:52.068Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0078
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.755Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/126336" }, { "name": "20040215 LNSA-#2004-0001: mutt remote crash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107696262905039\u0026w=2" }, { "name": "RHSA-2004:051", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-051.html" }, { "name": "oval:org.mitre.oval:def:811", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811" }, { "name": "mutt-index-menu-bo(15134)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15134" }, { "name": "oval:org.mitre.oval:def:838", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838" }, { "name": "9641", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9641" }, { "name": "20040211 Mutt-1.4.2 fixes buffer overflow.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107651677817933\u0026w=2" }, { "name": "RHSA-2004:050", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-050.html" }, { "name": "20040309 
[OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107884956930903\u0026w=2" }, { "name": "3918", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/3918" }, { "name": "MDKSA-2004:010", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010" }, { "name": "CSSA-2004-013.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-07-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SSA:2004-043", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/126336" }, { "name": "20040215 LNSA-#2004-0001: mutt remote crash", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107696262905039\u0026w=2" }, { "name": "RHSA-2004:051", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-051.html" }, { "name": "oval:org.mitre.oval:def:811", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811" }, { "name": "mutt-index-menu-bo(15134)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15134" }, { "name": "oval:org.mitre.oval:def:838", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838" }, { "name": "9641", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9641" }, { "name": "20040211 Mutt-1.4.2 fixes buffer overflow.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107651677817933\u0026w=2" }, { "name": "RHSA-2004:050", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-050.html" }, { "name": "20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": 
"http://marc.info/?l=bugtraq\u0026m=107884956930903\u0026w=2" }, { "name": "3918", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/3918" }, { "name": "MDKSA-2004:010", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010" }, { "name": "CSSA-2004-013.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0078", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SSA:2004-043", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.405053" }, { "name": "http://bugs.debian.org/126336", "refsource": "CONFIRM", "url": "http://bugs.debian.org/126336" }, { "name": "20040215 LNSA-#2004-0001: mutt remote crash", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107696262905039\u0026w=2" }, { "name": "RHSA-2004:051", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-051.html" }, { "name": "oval:org.mitre.oval:def:811", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811" }, { "name": "mutt-index-menu-bo(15134)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15134" }, { "name": "oval:org.mitre.oval:def:838", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838" }, { "name": "9641", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9641" }, { "name": "20040211 Mutt-1.4.2 fixes buffer overflow.", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107651677817933\u0026w=2" }, { "name": "RHSA-2004:050", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-050.html" }, { "name": "20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107884956930903\u0026w=2" }, { "name": "3918", "refsource": "OSVDB", "url": "http://www.osvdb.org/3918" }, { "name": "MDKSA-2004:010", "refsource": "MANDRAKE", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010" }, { "name": "CSSA-2004-013.0", "refsource": "CALDERA", "url": 
"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0078", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2004-01-19T00:00:00", "dateUpdated": "2024-08-08T00:01:23.755Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-2642
Vulnerability from cvelistv5
Published
2005-08-21 04:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/14596 | vdb-entry, x_refsource_BID | |
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0600.html | mailing-list, x_refsource_FULLDISC | |
http://online.securityfocus.com/archive/1/408493 | mailing-list, x_refsource_BUGTRAQ | |
http://comments.gmane.org/gmane.mail.mutt.devel/8379 | x_refsource_MISC | |
http://online.securityfocus.com/archive/1/408501 | mailing-list, x_refsource_BUGTRAQ | |
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0594.html | mailing-list, x_refsource_FULLDISC | |
http://secunia.com/advisories/16485 | third-party-advisory, x_refsource_SECUNIA | |
http://securitytracker.com/id?1014729 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:45:01.313Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "14596", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14596" }, { "name": "20050818 Re: mutt buffer overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0600.html" }, { "name": "20050818 mutt buffer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/408493" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://comments.gmane.org/gmane.mail.mutt.devel/8379" }, { "name": "20050818 Re: mutt buffer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/408501" }, { "name": "20050818 mutt buffer overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0594.html" }, { "name": "16485", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16485" }, { "name": "1014729", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1014729" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-08-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-01-17T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "14596", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14596" }, { "name": "20050818 Re: mutt buffer overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0600.html" }, { "name": "20050818 mutt buffer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/408493" }, { "tags": [ "x_refsource_MISC" ], "url": "http://comments.gmane.org/gmane.mail.mutt.devel/8379" }, { "name": "20050818 Re: mutt buffer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/408501" }, { "name": "20050818 mutt buffer overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0594.html" }, { "name": "16485", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16485" }, { "name": "1014729", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1014729" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2642", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions 
with libiconv or gettext." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "14596", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14596" }, { "name": "20050818 Re: mutt buffer overflow", "refsource": "FULLDISC", "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0600.html" }, { "name": "20050818 mutt buffer overflow", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/408493" }, { "name": "http://comments.gmane.org/gmane.mail.mutt.devel/8379", "refsource": "MISC", "url": "http://comments.gmane.org/gmane.mail.mutt.devel/8379" }, { "name": "20050818 Re: mutt buffer overflow", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/408501" }, { "name": "20050818 mutt buffer overflow", "refsource": "FULLDISC", "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0594.html" }, { "name": "16485", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16485" }, { "name": "1014729", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014729" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2642", "datePublished": "2005-08-21T04:00:00", "dateReserved": "2005-08-21T00:00:00", "dateUpdated": "2024-08-07T22:45:01.313Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-2351
Vulnerability from cvelistv5
Published
2019-11-01 18:47
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.
References
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2005-2351 | x_refsource_MISC | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:22:48.962Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2005-2351" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "mutt", "vendor": "mutt", "versions": [ { "status": "affected", "version": "before 1.5.20-7" } ] } ], "descriptions": [ { "lang": "en", "value": "Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-01T18:47:18", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2005-2351" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2005-2351", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "mutt", "version": { "version_data": [ { "version_value": "before 1.5.20-7" } ] } } ] }, "vendor_name": "mutt" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2005-2351", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2005-2351" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-2351", "datePublished": "2019-11-01T18:47:18", "dateReserved": "2005-07-22T00:00:00", "dateUpdated": "2024-08-07T22:22:48.962Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4875
Vulnerability from cvelistv5
Published
2023-09-09 14:30
Modified
2024-08-30 15:14
Severity: 2.2 LOW (CVSS 3.1, CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L, from the CNA record below)
EPSS score ?
Summary
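Undefined Behavior for Input to API in Mutt (CWE-475): null pointer dereference when composing from a specially crafted draft message. The record's affected range starts at version 1.5.2 and ends before 2.2.12; the listed solution is to upgrade to version 2.2.12.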
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:38:00.765Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5494" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/26/6" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-4875", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-30T15:14:35.816969Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-30T15:14:47.158Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Mutt", "vendor": "Mutt", "versions": [ { "lessThan": "2.2.12", "status": "affected", "version": "1.5.2", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Chenyuan Mi" } ], "descriptions": [ { "lang": "en", "value": "Null pointer dereference when composing from a specially crafted draft message in Mutt \u003e1.5.2 \u003c2.2.12" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-475", "description": "CWE-475: Undefined Behavior for Input to API", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:50.526Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch" }, { "url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 2.2.12" } ], "title": "Undefined Behavior for Input to API in Mutt" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-4875", "datePublished": "2023-09-09T14:30:24.864Z", "dateReserved": "2023-09-09T12:01:14.019Z", "dateUpdated": "2024-08-30T15:14:47.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1429
Vulnerability from cvelistv5
Published
2011-03-16 22:00
Modified
2024-08-06 22:28
Severity ?
EPSS score ?
Summary
Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.
References
▼ | URL | Tags |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2011-0959.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/44937 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/8143 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66015 | vdb-entry, x_refsource_XF | |
http://seclists.org/fulldisclosure/2011/Mar/87 | mailing-list, x_refsource_FULLDISC | |
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/46803 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:40.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2011:0959", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0959.html" }, { "name": "44937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44937" }, { "name": "8143", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8143" }, { "name": "mutt-smtptls-weak-security(66015)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015" }, { "name": "20110308 Mutt: failure to check server certificate in SMTP TLS connection", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2011/Mar/87" }, { "name": "FEDORA-2011-7751", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html" }, { "name": "FEDORA-2011-7739", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html" }, { "name": "FEDORA-2011-7756", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html" }, { "name": "46803", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46803" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Mutt does 
not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2011:0959", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0959.html" }, { "name": "44937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44937" }, { "name": "8143", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8143" }, { "name": "mutt-smtptls-weak-security(66015)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015" }, { "name": "20110308 Mutt: failure to check server certificate in SMTP TLS connection", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2011/Mar/87" }, { "name": "FEDORA-2011-7751", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html" }, { "name": "FEDORA-2011-7739", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html" }, { "name": "FEDORA-2011-7756", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html" }, { "name": "46803", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46803" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": 
"CVE-2011-1429", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2011:0959", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0959.html" }, { "name": "44937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44937" }, { "name": "8143", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8143" }, { "name": "mutt-smtptls-weak-security(66015)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015" }, { "name": "20110308 Mutt: failure to check server certificate in SMTP TLS connection", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2011/Mar/87" }, { "name": "FEDORA-2011-7751", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html" }, { "name": "FEDORA-2011-7739", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html" }, { "name": "FEDORA-2011-7756", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html" }, { "name": "46803", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46803" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1429", "datePublished": "2011-03-16T22:00:00", "dateReserved": "2011-03-16T00:00:00", "dateUpdated": "2024-08-06T22:28:40.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14362
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
References
▼ | URL | Tags |
---|---|---|
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576 | x_refsource_MISC | |
https://access.redhat.com/errata/RHSA-2018:2526 | vendor-advisory, x_refsource_REDHAT | |
https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO | |
http://www.mutt.org/news.html | x_refsource_MISC | |
https://neomutt.org/2018/07/16/release | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:29:50.136Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576" }, { "name": "RHSA-2018:2526", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a \u0027/\u0027 character." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576" }, { "name": "RHSA-2018:2526", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14362", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. 
pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a \u0027/\u0027 character." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576" }, { "name": "RHSA-2018:2526", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14362", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": "2024-08-05T09:29:50.136Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14093
Vulnerability from cvelistv5
Published
2020-06-15 04:06
Modified
2024-08-04 12:39
Summary
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
References
▼ | URL | Tags |
---|---|---|
http://www.mutt.org | x_refsource_MISC | |
https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 | x_refsource_MISC | |
https://www.debian.org/security/2020/dsa-4707 | vendor-advisory, x_refsource_DEBIAN | |
https://bugs.gentoo.org/728300 | x_refsource_MISC | |
https://www.debian.org/security/2020/dsa-4708 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html | vendor-advisory, x_refsource_SUSE | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4401-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.gentoo.org/glsa/202007-57 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:39:35.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01" }, { "name": "DSA-4707", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4707" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.gentoo.org/728300" }, { "name": "DSA-4708", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4708" }, { "name": "openSUSE-SU-2020:0903", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html" }, { "name": "openSUSE-SU-2020:0915", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html" }, { "name": "USN-4401-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4401-1/" }, { "name": "GLSA-202007-57", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-57" } ], "title": "CVE Program Container" } ], "cna": { 
"affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-28T21:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01" }, { "name": "DSA-4707", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4707" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.gentoo.org/728300" }, { "name": "DSA-4708", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4708" }, { "name": "openSUSE-SU-2020:0903", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html" }, { "name": "openSUSE-SU-2020:0915", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html" }, { "name": "USN-4401-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4401-1/" }, { "name": "GLSA-202007-57", "tags": [ 
"vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-57" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14093", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.mutt.org", "refsource": "MISC", "url": "http://www.mutt.org" }, { "name": "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01", "refsource": "MISC", "url": "https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01" }, { "name": "DSA-4707", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4707" }, { "name": "https://bugs.gentoo.org/728300", "refsource": "MISC", "url": "https://bugs.gentoo.org/728300" }, { "name": "DSA-4708", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4708" }, { "name": "openSUSE-SU-2020:0903", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html" }, { "name": "openSUSE-SU-2020:0915", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update", "refsource": "MLIST", "url": 
"https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html" }, { "name": "USN-4401-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4401-1/" }, { "name": "GLSA-202007-57", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-57" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14093", "datePublished": "2020-06-15T04:06:04", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:39:35.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14954
Vulnerability from cvelistv5
Published
2020-06-21 16:55
Modified
2024-08-04 13:00
Summary
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:00:52.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4707", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4707" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/issues/248" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/releases/tag/20200619" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc" }, { "name": "DSA-4708", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4708" }, { "name": "openSUSE-SU-2020:0903", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html" }, { "name": "openSUSE-SU-2020:0915", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], 
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html" }, { "name": "FEDORA-2020-1cb4c3697b", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3LXFVPTLK4PNHL6MPKJNJQJ25CH7GLQ/" }, { "name": "USN-4403-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4403-1/" }, { "name": "FEDORA-2020-31af2ac7fd", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFMEILCBKMZRRZDMUGWLVN4PQQ4VTAZE/" }, { "name": "GLSA-202007-57", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-57" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. 
When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-28T21:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4707", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4707" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/-/issues/248" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/releases/tag/20200619" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc" }, { "name": "DSA-4708", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4708" }, { "name": "openSUSE-SU-2020:0903", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html" }, { "name": "openSUSE-SU-2020:0915", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression 
update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html" }, { "name": "FEDORA-2020-1cb4c3697b", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3LXFVPTLK4PNHL6MPKJNJQJ25CH7GLQ/" }, { "name": "USN-4403-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4403-1/" }, { "name": "FEDORA-2020-31af2ac7fd", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFMEILCBKMZRRZDMUGWLVN4PQQ4VTAZE/" }, { "name": "GLSA-202007-57", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-57" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14954", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. 
When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4707", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4707" }, { "name": "http://www.mutt.org/", "refsource": "MISC", "url": "http://www.mutt.org/" }, { "name": "https://gitlab.com/muttmua/mutt/-/issues/248", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/-/issues/248" }, { "name": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html", "refsource": "MISC", "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html" }, { "name": "https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4" }, { "name": "https://github.com/neomutt/neomutt/releases/tag/20200619", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/releases/tag/20200619" }, { "name": "https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc" }, { "name": "DSA-4708", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4708" }, { "name": "openSUSE-SU-2020:0903", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html" }, { "name": "openSUSE-SU-2020:0915", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update", "refsource": "MLIST", "url": 
"https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html" }, { "name": "FEDORA-2020-1cb4c3697b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3LXFVPTLK4PNHL6MPKJNJQJ25CH7GLQ/" }, { "name": "USN-4403-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4403-1/" }, { "name": "FEDORA-2020-31af2ac7fd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFMEILCBKMZRRZDMUGWLVN4PQQ4VTAZE/" }, { "name": "GLSA-202007-57", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-57" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14954", "datePublished": "2020-06-21T16:55:41", "dateReserved": "2020-06-21T00:00:00", "dateUpdated": "2024-08-04T13:00:52.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28896
Vulnerability from cvelistv5
Published
2020-11-23 18:52
Modified
2024-08-04 16:41
Summary
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.
References
▼ | URL | Tags |
---|---|---|
https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f | x_refsource_MISC | |
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a | x_refsource_MISC | |
https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06 | x_refsource_MISC | |
https://github.com/neomutt/neomutt/releases/tag/20201120 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/202101-32 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:41:00.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/releases/tag/20201120" }, { "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html" }, { "name": "GLSA-202101-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202101-32" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-27T02:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/releases/tag/20201120" }, { "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html" }, { "name": "GLSA-202101-32", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202101-32" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28896", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8f" }, { "name": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a" }, { "name": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06" }, { "name": "https://github.com/neomutt/neomutt/releases/tag/20201120", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/releases/tag/20201120" }, { "name": "[debian-lts-announce] 20201130 [SECURITY] [DLA 2472-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00048.html" }, { "name": "GLSA-202101-32", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202101-32" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28896", "datePublished": "2020-11-23T18:52:13", "dateReserved": "2020-11-17T00:00:00", "dateUpdated": "2024-08-04T16:41:00.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14349
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:21
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.
References
URL | Tags | |
---|---|---|
https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST | |
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416 | x_refsource_MISC | |
https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO | |
http://www.mutt.org/news.html | x_refsource_MISC | |
https://neomutt.org/2018/07/16/release | x_refsource_MISC | |
https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:21:41.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14349", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" }, { "name": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14349", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": "2024-08-05T09:21:41.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14357
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
References
URL | Tags | |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:2526 | vendor-advisory, x_refsource_REDHAT | |
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d | x_refsource_MISC | |
https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST | |
https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725 | x_refsource_MISC | |
https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO | |
http://www.mutt.org/news.html | x_refsource_MISC | |
https://neomutt.org/2018/07/16/release | x_refsource_MISC | |
https://usn.ubuntu.com/3719-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:29:50.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:2526", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. 
They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2018:2526", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14357", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, 
"vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:2526", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "name": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", 
"cveId": "CVE-2018-14357", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": "2024-08-05T09:29:50.597Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14359
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.
References
URL | Tags | |
---|---|---|
https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3719-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO | |
http://www.mutt.org/news.html | x_refsource_MISC | |
https://neomutt.org/2018/07/16/release | x_refsource_MISC | |
https://usn.ubuntu.com/3719-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:29:50.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "USN-3719-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "USN-3719-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14359", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt 
before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "USN-3719-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" }, { "name": "USN-3719-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-1/" }, { "name": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14359", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": "2024-08-05T09:29:50.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14351
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:21
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.
References
URL | Tags | |
---|---|---|
https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST | |
https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741 | x_refsource_MISC | |
https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO | |
http://www.mutt.org/news.html | x_refsource_MISC | |
https://neomutt.org/2018/07/16/release | x_refsource_MISC | |
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:21:41.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14351", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" }, { "name": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14351", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": "2024-08-05T09:21:41.668Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0140
Vulnerability from cvelistv5
Published
2003-03-21 05:00
Modified
2024-08-08 01:43
Summary
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:35.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CLA-2003:626", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000626" }, { "name": "RHSA-2003:109", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-109.html" }, { "name": "mutt-folder-name-bo(11583)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11583" }, { "name": "20030430 GLSA: balsa (200304-10)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105171507629573\u0026w=2" }, { "name": "20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104817995421439\u0026w=2" }, { "name": "20030322 GLSA: mutt (200303-19)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104852190605988\u0026w=2" }, { "name": "oval:org.mitre.oval:def:2", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2" }, { "name": "20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104818814931378\u0026w=2" }, { "name": "7120", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/7120" }, { "name": "GLSA-200303-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml" }, { "name": "20030319 mutt-1.4.1 fixes a buffer overflow.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/315679" }, { "name": "oval:org.mitre.oval:def:434", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/common/showdoc.php?idx=310\u0026idxseccion=10" }, { "name": "DSA-268", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-268" }, { "name": "SuSE-SA:2003:020", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2003_020_mutt.html" }, { "name": "CLA-2003:630", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000630" }, { "name": "MDKSA-2003:041", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:041" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "CLA-2003:626", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000626" }, { "name": "RHSA-2003:109", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-109.html" }, { "name": "mutt-folder-name-bo(11583)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11583" }, { "name": "20030430 GLSA: balsa (200304-10)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105171507629573\u0026w=2" }, { "name": "20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104817995421439\u0026w=2" }, { "name": "20030322 GLSA: mutt (200303-19)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104852190605988\u0026w=2" }, { "name": "oval:org.mitre.oval:def:2", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2" }, { "name": "20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104818814931378\u0026w=2" }, { "name": "7120", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/7120" }, { "name": "GLSA-200303-19", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml" }, { "name": "20030319 mutt-1.4.1 fixes a buffer overflow.", "tags": [ 
"mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/315679" }, { "name": "oval:org.mitre.oval:def:434", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/common/showdoc.php?idx=310\u0026idxseccion=10" }, { "name": "DSA-268", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2003/dsa-268" }, { "name": "SuSE-SA:2003:020", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2003_020_mutt.html" }, { "name": "CLA-2003:630", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000630" }, { "name": "MDKSA-2003:041", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:041" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0140", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "CLA-2003:626", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000626" }, { "name": "RHSA-2003:109", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-109.html" }, { "name": "mutt-folder-name-bo(11583)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11583" }, { "name": "20030430 GLSA: balsa (200304-10)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105171507629573\u0026w=2" }, { "name": "20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104817995421439\u0026w=2" }, { "name": "20030322 GLSA: mutt (200303-19)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104852190605988\u0026w=2" }, { "name": "oval:org.mitre.oval:def:2", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2" }, { "name": "20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104818814931378\u0026w=2" }, { "name": "7120", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7120" }, { "name": "GLSA-200303-19", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml" }, { "name": "20030319 mutt-1.4.1 fixes a buffer overflow.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/315679" }, { "name": "oval:org.mitre.oval:def:434", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434" }, { "name": "http://www.coresecurity.com/common/showdoc.php?idx=310\u0026idxseccion=10", "refsource": "MISC", "url": 
"http://www.coresecurity.com/common/showdoc.php?idx=310\u0026idxseccion=10" }, { "name": "DSA-268", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-268" }, { "name": "SuSE-SA:2003:020", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2003_020_mutt.html" }, { "name": "CLA-2003:630", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000630" }, { "name": "MDKSA-2003:041", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:041" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0140", "datePublished": "2003-03-21T05:00:00", "dateReserved": "2003-03-13T00:00:00", "dateUpdated": "2024-08-08T01:43:35.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3765
Vulnerability from cvelistv5
Published
2009-10-23 19:00
Modified
2024-09-16 20:22
Summary
mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
URL | Tags | |
---|---|---|
http://marc.info/?l=oss-security&m=125369675820512&w=2 | mailing-list, x_refsource_MLIST | |
http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html | vendor-advisory, x_refsource_SUSE | |
http://marc.info/?l=oss-security&m=125198917018936&w=2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:38:30.362Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c" }, { "name": "SUSE-SR:2009:016", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" }, { "name": "[oss-security] 20090903 More CVE-2009-2408 like issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-10-23T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c" }, { "name": "SUSE-SR:2009:016", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" }, { "name": "[oss-security] 20090903 More CVE-2009-2408 like issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3765", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2" }, { "name": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c", "refsource": "CONFIRM", "url": "http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c" }, { "name": "SUSE-SR:2009:016", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html" }, { "name": "[oss-security] 20090903 More CVE-2009-2408 like issues", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3765", "datePublished": "2009-10-23T19:00:00Z", "dateReserved": "2009-10-23T00:00:00Z", "dateUpdated": "2024-09-16T20:22:26.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0167
Vulnerability from cvelistv5
Published
2003-03-29 05:00
Modified
2024-08-08 01:43
Summary
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/7229 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2003/dsa-274 | vendor-advisory, x_refsource_DEBIAN | |
http://www.debian.org/security/2003/dsa-300 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:36.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "7229", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/7229" }, { "name": "DSA-274", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-274" }, { "name": "DSA-300", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-300" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-03-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2003-05-08T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "7229", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/7229" }, { "name": "DSA-274", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2003/dsa-274" }, { "name": "DSA-300", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2003/dsa-300" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0167", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "7229", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7229" }, { "name": "DSA-274", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-274" }, { "name": "DSA-300", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-300" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0167", "datePublished": "2003-03-29T05:00:00", "dateReserved": "2003-03-27T00:00:00", "dateUpdated": "2024-08-08T01:43:36.032Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2683
Vulnerability from cvelistv5
Published
2007-05-15 21:00
Modified
2024-08-07 13:49
Summary
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:49:57.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25529", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25529" }, { "name": "1018066", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018066" }, { "name": "2007-0024", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2007/0024/" }, { "name": "26415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26415" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://dev.mutt.org/trac/ticket/2885" }, { "name": "25408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25408" }, { "name": "34973", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/34973" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890" }, { "name": "oval:org.mitre.oval:def:10543", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543" }, { "name": "25546", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25546" }, { "name": "25515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25515" }, { "name": "mutt-gecos-bo(34441)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34441" }, { "name": "MDKSA-2007:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", 
"x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113" }, { "name": "RHSA-2007:0386", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html" }, { "name": "24192", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24192" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1391" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via \"\u0026\" characters in the GECOS field, which triggers the overflow during alias expansion." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25529", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25529" }, { "name": "1018066", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018066" }, { "name": "2007-0024", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2007/0024/" }, { "name": "26415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26415" }, { "tags": [ "x_refsource_MISC" ], "url": "http://dev.mutt.org/trac/ticket/2885" }, { "name": "25408", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25408" }, { "name": "34973", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/34973" }, { 
"tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890" }, { "name": "oval:org.mitre.oval:def:10543", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543" }, { "name": "25546", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25546" }, { "name": "25515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25515" }, { "name": "mutt-gecos-bo(34441)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34441" }, { "name": "MDKSA-2007:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113" }, { "name": "RHSA-2007:0386", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html" }, { "name": "24192", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24192" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1391" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2683", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via \"\u0026\" characters in the GECOS field, which triggers the overflow during alias expansion." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25529", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25529" }, { "name": "1018066", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018066" }, { "name": "2007-0024", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0024/" }, { "name": "26415", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26415" }, { "name": "http://dev.mutt.org/trac/ticket/2885", "refsource": "MISC", "url": "http://dev.mutt.org/trac/ticket/2885" }, { "name": "25408", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25408" }, { "name": "34973", "refsource": "OSVDB", "url": "http://osvdb.org/34973" }, { "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239890" }, { "name": "oval:org.mitre.oval:def:10543", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10543" }, { "name": "25546", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25546" }, { "name": "25515", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25515" }, { "name": "mutt-gecos-bo(34441)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34441" }, { "name": "MDKSA-2007:113", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113" }, { "name": "RHSA-2007:0386", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html" }, { "name": "24192", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24192" }, { "name": "https://issues.rpath.com/browse/RPL-1391", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1391" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2683", "datePublished": "2007-05-15T21:00:00", "dateReserved": "2007-05-15T00:00:00", "dateUpdated": "2024-08-07T13:49:57.139Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14358
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.
References
URL | Tags | |
---|---|---|
https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870 | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO | |
http://www.mutt.org/news.html | x_refsource_MISC | |
https://neomutt.org/2018/07/16/release | x_refsource_MISC | |
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485 | x_refsource_MISC | |
https://usn.ubuntu.com/3719-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:29:50.097Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14358", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. 
imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" }, { "name": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" }, { "name": "USN-3719-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14358", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": "2024-08-05T09:29:50.097Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-1999-0941
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:55
Summary
Mutt mail client allows a remote attacker to execute commands via shell metacharacters.
References
URL | Tags | |
---|---|---|
http://marc.info/?l=bugtraq&m=90221104526154&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T16:55:29.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19980728 mutt x.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=90221104526154\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1998-07-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Mutt mail client allows a remote attacker to execute commands via shell metacharacters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19980728 mutt x.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=90221104526154\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-0941", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mutt mail client allows a remote attacker to execute commands via shell metacharacters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19980728 mutt x.x", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=90221104526154\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-0941", "datePublished": "2000-02-04T05:00:00", "dateReserved": "1999-12-08T00:00:00", "dateUpdated": "2024-08-01T16:55:29.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0300
Vulnerability from cvelistv5
Published
2003-05-15 04:00
Modified
2024-08-08 01:50
Summary
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
References
▼ | URL | Tags |
---|---|---|
http://marc.info/?l=bugtraq&m=105294024124163&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:50:47.085Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030514 Buffer overflows in multiple IMAP clients", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030514 Buffer overflows in multiple IMAP clients", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0300", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030514 Buffer overflows in multiple IMAP clients", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105294024124163\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0300", "datePublished": "2003-05-15T04:00:00", "dateReserved": "2003-05-14T00:00:00", "dateUpdated": "2024-08-08T01:50:47.085Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1328
Vulnerability from cvelistv5
Published
2022-04-14 00:00
Modified
2024-08-03 00:03
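Severity: 4.3 (MEDIUM), CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (from the CNA metrics in the record below)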
Summary
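Buffer overflow in the uudecoder in Mutt, affecting all versions from 0.94.13 up to but not including 2.2.3, allows a read past the end of the input line. (The flaw is an out-of-bounds read: the record's CVSS vector rates only confidentiality impact, C:L/I:N/A:N, and requires user interaction.)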
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:03:05.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/issues/404" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Mutt", "vendor": "Mutt", "versions": [ { "status": "affected", "version": "\u003e=0.94.13, \u003c2.2.3" } ] } ], "credits": [ { "lang": "en", "value": "Tavis Ormandy" } ], "descriptions": [ { "lang": "en", "value": "Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Improper restriction of operations within the bounds of a memory buffer in Mutt", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-10T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/muttmua/mutt/-/issues/404" }, { "url": "https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": 
"GitLab", "cveId": "CVE-2022-1328", "datePublished": "2022-04-14T00:00:00", "dateReserved": "2022-04-12T00:00:00", "dateUpdated": "2024-08-03T00:03:05.707Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1390
Vulnerability from cvelistv5
Published
2009-06-16 20:26
Modified
2024-08-07 05:13
Summary
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/35288 | vdb-entry, x_refsource_BID | |
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html | vendor-advisory, x_refsource_FEDORA | |
http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/51068 | vdb-entry, x_refsource_XF | |
http://dev.mutt.org/hg/mutt/rev/8f11dd00c770 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2009/06/10/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35288", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35288" }, { "name": "FEDORA-2009-6465", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a" }, { "name": "mutt-x509-security-bypass(51068)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770" }, { "name": "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/10/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "35288", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35288" }, { "name": "FEDORA-2009-6465", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a" }, { "name": "mutt-x509-security-bypass(51068)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770" }, { "name": "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/06/10/2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1390", "datePublished": "2009-06-16T20:26:00", "dateReserved": "2009-04-23T00:00:00", "dateUpdated": "2024-08-07T05:13:25.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9116
Vulnerability from cvelistv5
Published
2014-12-02 16:00
Modified
2024-08-06 13:33
Summary
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:13.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125" }, { "name": "SUSE-SU-2015:0012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html" }, { "name": "1031266", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031266" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.mutt.org/trac/ticket/3716" }, { "name": "[oss-security] 20141127 CVE request: mutt: heap-based buffer overflow in mutt_substrdup()", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5" }, { "name": "MDVSA-2015:078", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0509.html" }, { "name": "GLSA-201701-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-04" }, { "name": "[oss-security] 20141126 Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup()", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9" }, { "name": "71334", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71334" }, { "name": "DSA-3083", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], 
"url": "http://www.debian.org/security/2014/dsa-3083" }, { "name": "MDVSA-2014:245", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125" }, { "name": "SUSE-SU-2015:0012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html" }, { "name": "1031266", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031266" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.mutt.org/trac/ticket/3716" }, { "name": "[oss-security] 20141127 CVE request: mutt: heap-based buffer overflow in mutt_substrdup()", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5" }, { "name": "MDVSA-2015:078", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078" }, { 
"tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0509.html" }, { "name": "GLSA-201701-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-04" }, { "name": "[oss-security] 20141126 Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup()", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9" }, { "name": "71334", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71334" }, { "name": "DSA-3083", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3083" }, { "name": "MDVSA-2014:245", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9116", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125" }, { "name": "SUSE-SU-2015:0012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html" }, { "name": "1031266", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031266" }, { "name": "http://dev.mutt.org/trac/ticket/3716", "refsource": "CONFIRM", "url": "http://dev.mutt.org/trac/ticket/3716" }, { "name": "[oss-security] 20141127 CVE request: mutt: heap-based buffer overflow in mutt_substrdup()", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5" }, { "name": "MDVSA-2015:078", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078" }, { "name": "http://advisories.mageia.org/MGASA-2014-0509.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0509.html" }, { "name": "GLSA-201701-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-04" }, { "name": "[oss-security] 20141126 Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup()", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9" }, { "name": "71334", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71334" }, { "name": "DSA-3083", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3083" }, { "name": "MDVSA-2014:245", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9116", "datePublished": "2014-12-02T16:00:00", "dateReserved": "2014-11-26T00:00:00", "dateUpdated": "2024-08-06T13:33:13.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14355
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.
References
▼ | URL | Tags |
---|---|---|
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d | x_refsource_MISC | |
https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST | |
https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d | x_refsource_MISC | |
https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO | |
http://www.mutt.org/news.html | x_refsource_MISC | |
https://neomutt.org/2018/07/16/release | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:29:50.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d" }, { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d" }, { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14355", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d" }, { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14355", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": "2024-08-05T09:29:50.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32055
Vulnerability from cvelistv5
Published
2021-05-05 15:06
Modified
2024-08-03 23:17
Summary
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.
References
▼ | URL | Tags |
---|---|---|
https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5 | x_refsource_MISC | |
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html | x_refsource_MISC | |
https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc | x_refsource_MISC | |
https://security.gentoo.org/glsa/202105-05 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.124Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc" }, { "name": "GLSA-202105-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202105-05" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-26T09:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc" }, { "name": "GLSA-202105-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202105-05" } ], "source": { "discovery": "INTERNAL" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32055", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5" }, { "name": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html", "refsource": "MISC", "url": "http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html" }, { "name": "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc" }, { "name": "GLSA-202105-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202105-05" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32055", "datePublished": "2021-05-05T15:06:52", "dateReserved": "2021-05-05T00:00:00", "dateUpdated": "2024-08-03T23:17:29.124Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0467
Vulnerability from cvelistv5
Published
2014-03-14 15:00
Modified
2024-08-06 09:20
Summary
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2014/dsa-2874 | vendor-advisory, x_refsource_DEBIAN | |
http://www.ubuntu.com/usn/USN-2147-1 | vendor-advisory, x_refsource_UBUNTU | |
http://rhn.redhat.com/errata/RHSA-2014-0304.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/66165 | vdb-entry, x_refsource_BID | |
http://www.mutt.org/doc/devel/ChangeLog | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html | vendor-advisory, x_refsource_SUSE | |
http://www.securitytracker.com/id/1029919 | vdb-entry, x_refsource_SECTRACK | |
http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:20:17.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2874", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2874" }, { "name": "USN-2147-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2147-1" }, { "name": "RHSA-2014:0304", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0304.html" }, { "name": "66165", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66165" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mutt.org/doc/devel/ChangeLog" }, { "name": "SUSE-SU-2014:0471", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html" }, { "name": "1029919", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029919" }, { "name": "openSUSE-SU-2014:0434", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html" }, { "name": "openSUSE-SU-2014:0436", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "DSA-2874", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2874" }, { "name": "USN-2147-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2147-1" }, { "name": "RHSA-2014:0304", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0304.html" }, { "name": "66165", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66165" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mutt.org/doc/devel/ChangeLog" }, { "name": "SUSE-SU-2014:0471", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html" }, { "name": "1029919", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029919" }, { "name": "openSUSE-SU-2014:0434", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html" }, { "name": "openSUSE-SU-2014:0436", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-0467", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in copy.c in Mutt before 1.5.23 allows remote 
attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2874", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2874" }, { "name": "USN-2147-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2147-1" }, { "name": "RHSA-2014:0304", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0304.html" }, { "name": "66165", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66165" }, { "name": "http://www.mutt.org/doc/devel/ChangeLog", "refsource": "CONFIRM", "url": "http://www.mutt.org/doc/devel/ChangeLog" }, { "name": "SUSE-SU-2014:0471", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html" }, { "name": "1029919", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029919" }, { "name": "openSUSE-SU-2014:0434", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html" }, { "name": "openSUSE-SU-2014:0436", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-0467", "datePublished": "2014-03-14T15:00:00", "dateReserved": "2013-12-19T00:00:00", "dateUpdated": "2024-08-06T09:20:17.952Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14350
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104931 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870 | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3719-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO | |
http://www.mutt.org/news.html | x_refsource_MISC | |
https://neomutt.org/2018/07/16/release | x_refsource_MISC | |
https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485 | x_refsource_MISC | |
https://usn.ubuntu.com/3719-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:21:41.686Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104931", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104931" }, { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "USN-3719-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue 
was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "104931", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104931" }, { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "USN-3719-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" }, { "name": "USN-3719-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14350", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { 
"product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "104931", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104931" }, { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "USN-3719-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-2/" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" }, { "name": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" }, { "name": "USN-3719-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-1/" } ] } } } }, 
"cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14350", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": "2024-08-05T09:21:41.686Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49394
Vulnerability from cvelistv5
Published
2024-11-12 02:07
Modified
2024-11-15 21:17
Severity ?
EPSS score ?
Summary
Mutt: neomutt: In-Reply-To email header field is not protected by cryptographic signing
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-49394 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2325330 | issue-tracking, x_refsource_REDHAT |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49394", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T14:24:55.879023Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T14:25:14.390Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/muttmua/mutt", "defaultStatus": "affected", "packageName": "mutt" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "mutt", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "mutt", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "mutt", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2024-11-11T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender." 
} ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-347", "description": "Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T21:17:38.087Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-49394" }, { "name": "RHBZ#2325330", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325330" } ], "timeline": [ { "lang": "en", "time": "2024-11-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-11-11T00:00:00+00:00", "value": "Made public." } ], "title": "Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing", "x_redhatCweChain": "CWE-347: Improper Verification of Cryptographic Signature" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-49394", "datePublished": "2024-11-12T02:07:19.551Z", "dateReserved": "2024-10-14T17:56:03.767Z", "dateUpdated": "2024-11-15T21:17:38.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14356
Vulnerability from cvelistv5
Published
2018-07-17 17:00
Modified
2024-08-05 09:29
Severity ?
EPSS score ?
Summary
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3719-3/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82 | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4277 | vendor-advisory, x_refsource_DEBIAN | |
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201810-07 | vendor-advisory, x_refsource_GENTOO | |
http://www.mutt.org/news.html | x_refsource_MISC | |
https://neomutt.org/2018/07/16/release | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:29:50.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://neomutt.org/2018/07/16/release" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3719-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3719-3/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82" }, { "name": "DSA-4277", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201810-07" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mutt.org/news.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://neomutt.org/2018/07/16/release" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14356", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3719-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3719-3/" }, { "name": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82", "refsource": "MISC", "url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82" }, { "name": "DSA-4277", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4277" }, { "name": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6", "refsource": "MISC", "url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6" }, { "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "name": "GLSA-201810-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-07" }, { "name": "http://www.mutt.org/news.html", "refsource": "MISC", "url": "http://www.mutt.org/news.html" }, { "name": "https://neomutt.org/2018/07/16/release", "refsource": "MISC", "url": "https://neomutt.org/2018/07/16/release" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14356", "datePublished": "2018-07-17T17:00:00", "dateReserved": "2018-07-17T00:00:00", "dateUpdated": "2024-08-05T09:29:50.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4874
Vulnerability from cvelistv5
Published
2023-09-09 14:30
Modified
2024-08-30 15:16
Severity ?
EPSS score ?
Summary
Undefined Behavior for Input to API in Mutt
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:38:00.766Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5494" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/26/6" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-4874", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-30T15:16:03.661876Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-30T15:16:17.679Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Mutt", "vendor": "Mutt", "versions": [ { "lessThan": "2.2.12", "status": "affected", "version": "1.5.2", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Chenyuan Mi, Kevin McCarthy" } ], "descriptions": [ { "lang": "en", "value": "Null pointer dereference when viewing a specially crafted email in Mutt \u003e1.5.2 \u003c2.2.12" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-475", "description": "CWE-475: Undefined Behavior for Input to API", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:50.443Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch" }, { "url": "https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch" } ], "solutions": [ { "lang": "en", "value": "Upgrade to version 2.2.12" } ], "title": "Undefined Behavior for Input to API in Mutt" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-4874", "datePublished": "2023-09-09T14:30:29.741Z", "dateReserved": "2023-09-09T12:01:09.124Z", "dateUpdated": "2024-08-30T15:16:17.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
jvndb-2007-000295
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2009-08-06 11:39
Summary
APOP password recovery vulnerability
Details
POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.
It is reported that APOP passwords could be recovered by third parties.
In a successful attack, the attacker impersonates the mail server, sends challenge strings to the client, and collects the client's responses. For the attack to succeed, this exchange has to be repeated for a certain period of time without the user being alerted to it.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html", "dc:date": "2009-08-06T11:39+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2009-08-06T11:39+09:00", "description": "POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.\r\n\r\nIt is reported that APOP passwords could be recovered by third parties.\r\n\r\nIn its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html", "sec:cpe": [ { "#text": "cpe:/a:claws_mail:claws_mail", "@product": "Claws Mail", "@vendor": "Claws Mail", "@version": "2.2" }, { "#text": "cpe:/a:fetchmail:fetchmail", "@product": "Fetchmail", "@vendor": "Fetchmail Project", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:seamonkey", "@product": "Mozilla SeaMonkey", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mozilla:thunderbird", "@product": "Mozilla Thunderbird", "@vendor": "mozilla.org contributors", "@version": "2.2" }, { "#text": "cpe:/a:mutt:mutt", "@product": "Mutt", "@vendor": "Mutt", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_optional_productivity_applications", "@product": "RHEL Optional Productivity Applications", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sylpheed:sylpheed", "@product": "Sylpheed", "@vendor": "Sylpheed", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat 
Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_eus", "@product": "Red Hat Enterprise Linux EUS", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux", "@product": "Turbolinux", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_desktop", "@product": "Turbolinux Desktop", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_home", "@product": "Turbolinux Home", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_wizpy", "@product": "wizpy", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.4", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:C/I:N/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000295", "sec:references": [ { "#text": "http://jvn.jp/cert/JVNTA07-151A/index.html", "@id": "JVNTA07-151A", "@source": 
"JVN" }, { "#text": "http://jvn.jp/en/jp/JVN19445002/index.html", "@id": "JVN#19445002", "@source": "JVN" }, { "#text": "http://jvn.jp/tr/TRTA07-151A/index.html", "@id": "TRTA07-151A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558", "@id": "CVE-2007-1558", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558", "@id": "CVE-2007-1558", "@source": "NVD" }, { "#text": "http://www.us-cert.gov/cas/alerts/SA07-151A.html", "@id": "SA07-151A", "@source": "CERT-SA" }, { "#text": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html", "@id": "TA07-151A", "@source": "CERT-TA" }, { "#text": "http://www.securityfocus.com/bid/23257", "@id": "23257", "@source": "BID" }, { "#text": "http://www.securitytracker.com/id?1018008", "@id": "1018008", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2007/1466", "@id": "FrSIRT/ADV-2007-1466", "@source": "FRSIRT" }, { "#text": "http://www.frsirt.com/english/advisories/2007/1480", "@id": "FrSIRT/ADV-2007-1480", "@source": "FRSIRT" }, { "#text": "http://www.frsirt.com/english/advisories/2007/1468", "@id": "FrSIRT/ADV-2007-1468", "@source": "FRSIRT" }, { "#text": "http://www.frsirt.com/english/advisories/2007/1467", "@id": "FrSIRT/ADV-2007-1467", "@source": "FRSIRT" }, { "#text": "http://www.ietf.org/rfc/rfc1939.txt", "@id": "RFC1939:Post Office Protocol - Version 3", "@source": "IETF" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "APOP password recovery vulnerability" }