neomutt

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A version of mutt with added features
Version 20240323-2 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1923 20210205-1 20211015-1 Medium Fixed
AVG-1289 20200925-1 20201120-1 High Fixed
AVG-740 20180622-2 20180716-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-32055 AVG-1923 Medium Yes Information disclosure
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has an $imap_qresync issue in which imap/util.c has an out-of-bounds read...
CVE-2020-28896 AVG-1289 High Yes Silent downgrade
A security issue has been found in Mutt before version 2.0.2 and NeoMutt before version 20201120 that could result in authentication credentials being sent...
CVE-2018-14363 AVG-740 Medium Yes Directory traversal
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames.
CVE-2018-14362 AVG-740 Medium Yes Directory traversal
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with...
CVE-2018-14361 AVG-740 Medium Yes Denial of service
An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.
CVE-2018-14360 AVG-740 Medium Yes Arbitrary code execution
An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.
CVE-2018-14359 AVG-740 High Yes Arbitrary code execution
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.
CVE-2018-14358 AVG-740 Medium Yes Arbitrary code execution
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a...
CVE-2018-14357 AVG-740 High Yes Arbitrary command execution
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote...
CVE-2018-14356 AVG-740 Medium Yes Insufficient validation
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.F
CVE-2018-14355 AVG-740 Medium Yes Directory traversal
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.
CVE-2018-14354 AVG-740 Medium Yes Arbitrary command execution
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote...
CVE-2018-14353 AVG-740 Medium Yes Denial of service
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.
CVE-2018-14352 AVG-740 Medium Yes Denial of service
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters,...
CVE-2018-14351 AVG-740 Medium Yes Denial of service
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.
CVE-2018-14350 AVG-740 Medium Yes Denial of service
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a...
CVE-2018-14349 AVG-740 Medium Yes Incorrect calculation
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.

Advisories

Date Advisory Group Severity Type
26 Nov 2020 ASA-202011-24 AVG-1289 High silent downgrade