Vulnerabilities > Mutt
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-49394 | Improper Verification of Cryptographic Signature vulnerability in multiple products In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. | 5.3 |
| 2024-11-12 | CVE-2024-49395 | In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. | 5.3 |
| 2024-11-12 | CVE-2024-49393 | Improper Verification of Cryptographic Signature vulnerability in multiple products In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality. | 5.9 |
| 2023-09-09 | CVE-2023-4874 | NULL Pointer Dereference vulnerability in multiple products Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 | 6.5 |
| 2023-09-09 | CVE-2023-4875 | NULL Pointer Dereference vulnerability in multiple products Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | 5.7 |
| 2022-04-14 | CVE-2022-1328 | Classic Buffer Overflow vulnerability in multiple products Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line | 5.3 |
| 2021-05-05 | CVE-2021-32055 | Out-of-bounds Read vulnerability in multiple products Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. | 5.8 |
| 2021-01-19 | CVE-2021-3181 | Memory Leak vulnerability in multiple products rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). | 6.5 |
| 2020-11-23 | CVE-2020-28896 | Insufficiently Protected Credentials vulnerability in multiple products Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. | 2.6 |
| 2020-06-21 | CVE-2020-14954 | Injection vulnerability in multiple products Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. | 5.9 |