Evilrabbit

**Name of the Vulnerable Software and Affected Versions** mutt versions prior to 2.3.2 **Description** The software sometimes uses the `strfcpy()` function instead of `memcpy()` when handling the IMAP auth cram MD5 digest. This occurs during the authentication process for IMAP servers using the CRAM-MD5 mechanism. **Recommendations** Update to version 2.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** mutt versions prior to 2.3.2 **Description** An issue exists where the `hash passwd` is occasionally truncated by one byte during IMAP auth cram MD5 digest processes. **Recommendations** Update to version 2.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** mutt versions prior to 2.3.2 **Description** The software fails to check for the null character '0' within the `url pct decode()` function. **Recommendations** Update to version 2.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** mutt versions prior to 2.3.2 **Description** The `imap auth gss` security level is mishandled. **Recommendations** Update to version 2.3.2.

**Name of the Vulnerable Software and Affected Versions** mutt versions prior to 2.3.2 **Description** An infinite loop exists in the `data object to stream()` function within the `crypt-gpgme.c` file. **Recommendations** Update to version 2.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** mutt versions prior to 2.3.2 **Description** A NULL pointer dereference exists in the `show sig summary` function. A NULL pointer dereference occurs when a program attempts to read or write to a memory location using a pointer that is null, typically leading to a program crash. **Recommendations** Update to version 2.3.2 or later. As a temporary workaround, consider disabling the `show sig summary` function until the update is applied.