SB2021012620 - Denial of service in Mutt
Published: January 26, 2021
Security Bulletin ID
SB2021012620
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2021-3181)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when handling email messages with sequences of semicolon characters in RFC822 address fields. A remote attacker can send a specially crafted email message, force the application to consume a huge amount of memory and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- http://www.openwall.com/lists/oss-security/2021/01/19/10
- https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
- https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19
- https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14
- https://gitlab.com/muttmua/mutt/-/issues/323