Published: 19/01/2021 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

rfc822.c in Mutt up to and including 2.0.4 allows remote malicious users to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mutt mutt
debian debian linux 9.0
debian debian linux 10.0
fedoraproject fedora 32
fedoraproject fedora 33

Debian Bug report logs - #980326 mutt: CVE-2021-3181: mutt recipient parsing memory leak Package: src:mutt; Maintainer for src:mutt is Mutt maintainers <mutt@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 17 Jan 2021 20:03:02 UTC Severity: important Tags: patch, security, upstr ...

Tavis Ormandy discovered a memory leak flaw in the rfc822 group recipient parsing in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which could result in denial of service For the stable distribution (buster), this problem has been fixed in version 1101-21+deb10u5 We recommend that you upgrade your mutt packages For th ...

Mutt before 1143 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response (CVE-2020-14093) Mutt before 1143 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate (CVE-2020-14154) Mutt before 1144 and NeoMutt before 2020-06-19 have a STARTTLS bu ...

rfc822c in Mutt through 204 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups) A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see ...

oss-sec mailing list archives   By Date By Thread </form>    Re: mutt recipient parsing memory leak   From: Utkarsh Gupta <utkarsh ...

CWE-401 https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17 https://gitlab.com/muttmua/mutt/-/issues/323 https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19 https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14 http://www.openwall.com/lists/oss-security/2021/01/19/10 https://www.debian.org/security/2021/dsa-4838 https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html https://security.gentoo.org/glsa/202101-25 http://www.openwall.com/lists/oss-security/2021/01/27/3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2OMLQKAOHPYQA4GI7ZUO6UKCPUHLYO7/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXGWXFO77HBCD3VYEIYHHYU33LYWWWNQ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980326 https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4838

CVE-2021-3181

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect