5.9

CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MuttMutt Version < 1.14.4
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
NeomuttNeomutt Version < 20200619
FedoraprojectFedora Version31
FedoraprojectFedora Version32
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
CanonicalUbuntu Linux Version20.04 SwEditionlts
OpensuseLeap Version15.1
OpensuseLeap Version15.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.29% 0.809
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202007-57
Third Party Advisory
https://www.debian.org/security/2020/dsa-4707
Third Party Advisory
https://www.debian.org/security/2020/dsa-4708
Third Party Advisory
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html
Vendor Advisory
Mailing List
http://www.mutt.org/
Product
https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc
Patch
https://github.com/neomutt/neomutt/releases/tag/20200619
Release Notes
https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
Patch
https://gitlab.com/muttmua/mutt/-/issues/248
Third Party Advisory
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFMEILCBKMZRRZDMUGWLVN4PQQ4VTAZE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3LXFVPTLK4PNHL6MPKJNJQJ25CH7GLQ/
https://usn.ubuntu.com/4403-1/
Third Party Advisory