6.5

CVE-2024-49393

Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MuttMutt Version-
NeomuttNeomutt Version-
RedhatEnterprise Linux Version8.0 SwEdition-
RedhatEnterprise Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.249
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
secalert@redhat.com 6.5 2.2 4.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://access.redhat.com/security/cve/CVE-2024-49393
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2325317
Third Party Advisory
Issue Tracking
https://github.com/neomutt/neomutt/issues/4223
https://github.com/neomutt/neomutt/pull/4221
https://github.com/neomutt/neomutt/pull/4227