Vulnerabilities > Mutt > Mutt > 1.13.2

DATE CVE VULNERABILITY TITLE RISK
2023-09-09 CVE-2023-4874 NULL Pointer Dereference vulnerability in multiple products
Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12
network
low complexity
mutt debian CWE-476
6.5
2023-09-09 CVE-2023-4875 NULL Pointer Dereference vulnerability in multiple products
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12
network
low complexity
mutt debian CWE-476
5.7
2022-04-14 CVE-2022-1328 Classic Buffer Overflow vulnerability in multiple products
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line
network
low complexity
mutt debian fedoraproject CWE-120
5.3
2021-05-05 CVE-2021-32055 Out-of-bounds Read vulnerability in multiple products
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma.
network
mutt neomutt CWE-125
5.8
2021-01-19 CVE-2021-3181 Memory Leak vulnerability in multiple products
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups).
network
low complexity
mutt debian fedoraproject CWE-401
6.5
2020-11-23 CVE-2020-28896 Insufficiently Protected Credentials vulnerability in multiple products
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid.
network
high complexity
mutt neomutt debian CWE-522
2.6
2020-06-21 CVE-2020-14954 Injection vulnerability in multiple products
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3.
5.9
2020-06-15 CVE-2020-14154 Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
network
high complexity
mutt canonical
4.8
2020-06-15 CVE-2020-14093 Cleartext Transmission of Sensitive Information vulnerability in multiple products
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
4.3