Unrated severityNVD Advisory· Published May 5, 2021· Updated Aug 3, 2024

CVE-2021-32055

Description

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.

Affected products

Mutt/Muttdescription
osv-coords4 versions
pkg:rpm/opensuse/mutt&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/neomutt&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/neomutt&distro=openSUSE%20Tumbleweed pkg:rpm/suse/neomutt&distro=SUSE%20Package%20Hub%2015%20SP4
< 2.0.7-2.2+ 3 more
- (no CPE)range: < 2.0.7-2.2
- (no CPE)range: < 20220429-bp154.2.3.1
- (no CPE)range: < 20211029-1.1
- (no CPE)range: < 20220429-bp154.2.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202105-05mitrevendor-advisoryx_refsource_GENTOO
lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.htmlmitrex_refsource_MISC
github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dcmitrex_refsource_MISC
gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000