CVE-2021-3181 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Denial of service
Description	rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1476	mutt	2.0.4-1	2.0.5-1	Low	Fixed

Date	Advisory	Group	Package	Severity	Type
29 Jan 2021	ASA-202101-43	AVG-1476	mutt	Low	denial of service

References
https://www.openwall.com/lists/oss-security/2021/01/17/2 https://gitlab.com/muttmua/mutt/-/issues/323 https://gitlab.com/muttmua/mutt/uploads/ecd287245a2d0ac0108797eab2f1a224/rfc822_parse_adrlist.txt https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17

References

https://www.openwall.com/lists/oss-security/2021/01/17/2
https://gitlab.com/muttmua/mutt/-/issues/323
https://gitlab.com/muttmua/mutt/uploads/ecd287245a2d0ac0108797eab2f1a224/rfc822_parse_adrlist.txt
https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17