Unrated severityNVD Advisory· Published Apr 2, 2003· Updated Jun 16, 2026

CVE-2003-0167

Description

Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Mutt/Mutt10 versions
cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*
- cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*
- cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*
- cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*
- cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:*
- (no CPE)range: <=1.3.28
Balsa/Balsallm-fuzzy
Range: <=1.2.4

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2003/dsa-274nvdPatchVendor Advisory
www.securityfocus.com/bid/7229nvdPatchVendor Advisory
www.debian.org/security/2003/dsa-300nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000