6.5

CVE-2021-3181

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MuttMutt Version <= 2.0.4
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version32
FedoraprojectFedora Version33
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.8% 0.846
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

http://www.openwall.com/lists/oss-security/2021/01/19/10
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2021/01/27/3
Third Party Advisory
Mailing List
https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
Patch
Third Party Advisory
https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19
Patch
Third Party Advisory
https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14
Patch
Third Party Advisory
https://gitlab.com/muttmua/mutt/-/issues/323
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXGWXFO77HBCD3VYEIYHHYU33LYWWWNQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2OMLQKAOHPYQA4GI7ZUO6UKCPUHLYO7/
https://security.gentoo.org/glsa/202101-25
Third Party Advisory
https://www.debian.org/security/2021/dsa-4838
Third Party Advisory