SB2023091177 - Multiple vulnerabilities in Mutt
Published: September 11, 2023
Description
This security bulletin contains information about 2 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2023-4874)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when viewing a specially crafted email. A remote attacker can trick the victim into opening a specially crafted email and perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2023-4875)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when composing from a specially crafted draft message. A remote attacker can trick the victim into using a specially crafted draft message to perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch
- https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch
- https://www.debian.org/security/2023/dsa-5494
- https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch