Mutt

Mutt

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2018-14354

  • EPSS 3.89%
  • Veröffentlicht 17.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:53

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscripti...

9.8

CVE-2018-14353

  • EPSS 2.13%
  • Veröffentlicht 17.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:53

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

9.8

CVE-2018-14352

  • EPSS 4.48%
  • Veröffentlicht 17.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:53

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.

9.8

CVE-2018-14350

  • EPSS 4.4%
  • Veröffentlicht 17.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:53

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.

9.8

CVE-2018-14349

  • EPSS 1.22%
  • Veröffentlicht 17.07.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:53

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.

5

CVE-2014-9116

Exploit
  • EPSS 2.62%
  • Veröffentlicht 02.12.2014 16:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buf...

5

CVE-2014-0467

  • EPSS 1.41%
  • Veröffentlicht 14.03.2014 15:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.

5.8

CVE-2011-1429

  • EPSS 0.55%
  • Veröffentlicht 16.03.2011 22:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-...

6.8

CVE-2009-3766

  • EPSS 1.39%
  • Veröffentlicht 23.10.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an ar...

6.8

CVE-2009-3765

  • EPSS 0.59%
  • Veröffentlicht 23.10.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL se...