Your submission was sent successfully! Close

CVE-2021-32055

Published: 5 May 2021

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.

Priority

Low

CVSS 3 base score: 9.1

Status

Package Release Status
mutt
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (1.13.2-1ubuntu0.5)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Not vulnerable
(2.0.5-4.1)
jammy Not vulnerable
(2.0.5-4.1)
precise Ignored
(end of ESM support, was needs-triage)
trusty Does not exist

upstream Needs triage

xenial
Released (1.5.24-1ubuntu0.6+esm2)
neomutt
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)