6.5

CVE-2024-49393

EPSS 0.08%
Veröffentlicht 12.11.2024 02:15:18
Zuletzt bearbeitet 16.07.2025 12:15:22
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 4 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mutt ≫ Mutt Version-

Neomutt ≫ Neomutt Version-

Redhat ≫ Enterprise Linux Version8.0 SwEdition-

Redhat ≫ Enterprise Linux Version9.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.244

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	6.5	2.2	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://access.redhat.com/security/cve/CVE-2024-49393

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2325317

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-49393

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-49393

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-49393

EUVD