Medium severity5.3NVD Advisory· Published Nov 23, 2020· Updated Jun 17, 2026
CVE-2020-28896
CVE-2020-28896
Description
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
37- Mutt/Muttdescription
- osv-coords34 versionspkg:rpm/almalinux/muttpkg:rpm/opensuse/mutt&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/mutt&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/mutt&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/neomutt&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/neomutt&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/neomutt&distro=openSUSE%20Tumbleweedpkg:rpm/suse/mutt&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/mutt&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/mutt&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/mutt&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/mutt&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/mutt&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/mutt&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/neomutt&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/neomutt&distro=SUSE%20Package%20Hub%2015%20SP2
< 5:2.0.7-1.el8+ 33 more
- (no CPE)range: < 5:2.0.7-1.el8
- (no CPE)range: < 1.10.1-lp151.2.6.1
- (no CPE)range: < 1.10.1-lp152.3.6.1
- (no CPE)range: < 2.0.7-2.2
- (no CPE)range: < 20201120-lp152.2.3.1
- (no CPE)range: < 20201120-lp152.2.3.1
- (no CPE)range: < 20210205-3.3
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-3.11.1
- (no CPE)range: < 1.10.1-3.11.1
- (no CPE)range: < 1.10.1-3.11.1
- (no CPE)range: < 1.10.1-3.11.1
- (no CPE)range: < 1.5.17-42.56.1
- (no CPE)range: < 1.5.17-42.56.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-3.11.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-3.11.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 1.10.1-55.18.1
- (no CPE)range: < 20201120-bp151.3.3.1
- (no CPE)range: < 20201120-bp152.2.3.1
Patches
Vulnerability mechanics
References
6- github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06nvdPatchThird Party Advisory
- gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59anvdPatchThird Party Advisory
- gitlab.com/muttmua/mutt/-/commit/d92689088dfe80a290ec836e292376e2d9984f8fnvdPatchThird Party Advisory
- github.com/neomutt/neomutt/releases/tag/20201120nvdRelease NotesThird Party Advisory
- lists.debian.org/debian-lts-announce/2020/11/msg00048.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/202101-32nvdThird Party Advisory
News mentions
0No linked articles in our index yet.