Medium severity6.5NVD Advisory· Published Jan 19, 2021· Updated Jun 17, 2026
CVE-2021-3181
CVE-2021-3181
Description
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- Mutt/Muttdescription
- osv-coords7 versionspkg:rpm/almalinux/muttpkg:rpm/opensuse/mutt&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/mutt&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/mutt&distro=openSUSE%20Tumbleweedpkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/mutt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 5:2.0.7-1.el8+ 6 more
- (no CPE)range: < 5:2.0.7-1.el8
- (no CPE)range: < 1.10.1-lp151.2.15.1
- (no CPE)range: < 1.10.1-lp152.3.15.1
- (no CPE)range: < 2.0.7-2.2
- (no CPE)range: < 1.10.1-3.20.1
- (no CPE)range: < 1.10.1-55.24.1
- (no CPE)range: < 1.10.1-55.24.1
Patches
Vulnerability mechanics
References
11- gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17nvdPatchThird Party Advisory
- gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19nvdPatchThird Party Advisory
- gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14nvdPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2021/01/19/10nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2021/01/27/3nvdMailing ListThird Party Advisory
- gitlab.com/muttmua/mutt/-/issues/323nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2021/01/msg00017.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/202101-25nvdThird Party Advisory
- www.debian.org/security/2021/dsa-4838nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXGWXFO77HBCD3VYEIYHHYU33LYWWWNQ/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2OMLQKAOHPYQA4GI7ZUO6UKCPUHLYO7/nvd
News mentions
0No linked articles in our index yet.