Mutt

Mutt

45 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2018-14354

  • EPSS 3.89%
  • Published 17.07.2018 17:29:00
  • Last modified 21.11.2024 03:48:53

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscripti...

9.8

CVE-2018-14353

  • EPSS 2.13%
  • Published 17.07.2018 17:29:00
  • Last modified 21.11.2024 03:48:53

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

9.8

CVE-2018-14352

  • EPSS 4.48%
  • Published 17.07.2018 17:29:00
  • Last modified 21.11.2024 03:48:53

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.

9.8

CVE-2018-14350

  • EPSS 4.4%
  • Published 17.07.2018 17:29:00
  • Last modified 21.11.2024 03:48:53

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.

9.8

CVE-2018-14349

  • EPSS 1.22%
  • Published 17.07.2018 17:29:00
  • Last modified 21.11.2024 03:48:53

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.

5

CVE-2014-9116

Exploit
  • EPSS 2.62%
  • Published 02.12.2014 16:59:08
  • Last modified 12.04.2025 10:46:40

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buf...

5

CVE-2014-0467

  • EPSS 1.41%
  • Published 14.03.2014 15:55:05
  • Last modified 12.04.2025 10:46:40

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.

5.8

CVE-2011-1429

  • EPSS 0.55%
  • Published 16.03.2011 22:55:04
  • Last modified 11.04.2025 00:51:21

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-...

6.8

CVE-2009-3766

  • EPSS 1.39%
  • Published 23.10.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an ar...

6.8

CVE-2009-3765

  • EPSS 0.59%
  • Published 23.10.2009 19:30:00
  • Last modified 09.04.2025 00:30:58

mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL se...