Multiple vulnerabilities in Mutt



Published: 2023-09-11
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2023-4874
CVE-2023-4875
CWE-ID CWE-476
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Mutt
Client/Desktop applications / Office applications

Vendor Mutt.org

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU80636

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-4874

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when viewing a specially crafted email. A remote attacker can trick the victim to open a specially crafted email and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mutt: 1.5.3 - 2.2.11

Fixed software versions

CPE2.3 External links

http://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch
http://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch
http://www.debian.org/security/2023/dsa-5494


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) NULL pointer dereference

EUVDB-ID: #VU80635

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-4875

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when composing from a specially crafted draft message. A remote attacker can trick the victim into using a specially crafted draft message to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mutt: 1.5.3 - 2.2.11

Fixed software versions

CPE2.3 External links

http://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch
http://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch
http://www.debian.org/security/2023/dsa-5494


Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###