6.5
CVE-2024-49393
- EPSS 0.33%
- Veröffentlicht 12.11.2024 02:15:18
- Zuletzt bearbeitet 26.06.2026 02:16:50
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Version8.0 SwEdition-
Redhat ≫ Enterprise Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.249 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| secalert@redhat.com | 6.5 | 2.2 | 4.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
https://access.redhat.com/security/cve/CVE-2024-49393
https://bugzilla.redhat.com/show_bug.cgi?id=2325317
https://github.com/neomutt/neomutt/issues/4223
https://github.com/neomutt/neomutt/pull/4221
https://github.com/neomutt/neomutt/pull/4227