Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-32055

Published: 5 May 2021

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.

Priority

Low

Cvss 3 Severity Score

9.1

Score breakdown

Status

Package Release Status
mutt
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (1.13.2-1ubuntu0.5)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Not vulnerable
(2.0.5-4.1)
jammy Not vulnerable
(2.0.5-4.1)
kinetic Not vulnerable
(2.0.5-4.1)
precise Ignored
(end of ESM support, was needs-triage)
trusty Does not exist

upstream Needs triage

xenial
Released (1.5.24-1ubuntu0.6+esm2)
neomutt
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

precise Does not exist

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)

Severity score breakdown

Parameter Value
Base score 9.1
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H