CVE-2021-32055

Published: 05/05/2021 Updated: 01/06/2021

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Mutt 1.11.0 up to and including 2.0.x prior to 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mutt mutt
neomutt neomutt

Several security issues were fixed in Mutt ...

Debian Bug report logs - #988106 mutt: CVE-2021-32055 Package: src:mutt; Maintainer for src:mutt is Mutt maintainers <mutt@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 5 May 2021 19:42:01 UTC Severity: important Tags: security, upstream Found in version mutt/205-4 Re ...

Mutt 1110 through 20x before 207 (and NeoMutt 2019-10-25 through 2021-05-04) has an $imap_qresync issue in which imap/utilc has an out-of-bounds read in situations where an IMAP sequence set ends with a comma NOTE: the $imap_qresync setting for QRESYNC is not enabled by default ...

CWE-125 https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5 http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc https://security.gentoo.org/glsa/202105-05 https://ubuntu.com/security/notices/USN-5392-1 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-32055

CVE-2021-32055

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect