5.3

CVE-2024-49394

Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MuttMutt Version-
NeomuttNeomutt Version-
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.247
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://access.redhat.com/security/cve/CVE-2024-49394
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2325330
Third Party Advisory
Issue Tracking
https://github.com/neomutt/neomutt/pull/4221
https://github.com/neomutt/neomutt/pull/4227
https://github.com/neomutt/neomutt/issues/4226