Jeriko-One

**Name of the Vulnerable Software and Affected Versions** Mutt versions prior to 1.10.1 NeoMutt versions prior to 2018-07-16 **Description** The issue is related to errors in handling input data, which can be exploited by a remote attacker to execute arbitrary code. Specifically, the problem lies in the mishandling of a NO response without a message in the imap/command.c component. **Recommendations** For Mutt versions prior to 1.10.1, update to version 1.10.1 or later to resolve the issue. For NeoMutt versions prior to 2018-07-16, update to a version released after 2018-07-16 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mutt versions prior to 1.10.1 NeoMutt versions prior to 2018-07-16 **Description** The issue is related to the use of an uninitialized pointer in Mutt and NeoMutt email clients. This can be exploited by a remote attacker to execute arbitrary code. A specific problem lies in the `pop.c` file, which mishandles a zero-length UID. **Recommendations** For Mutt versions prior to 1.10.1, update to version 1.10.1 or later to resolve the issue. For NeoMutt versions prior to 2018-07-16, update to a version released after 2018-07-16 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NeoMutt versions prior to 2018-07-16 **Description** The issue is related to a stack-based buffer overflow in the nntp add group function in the newsrc.c file of the NeoMutt email client. This overflow is caused by incorrect usage of the `sscanf` function, which can lead to errors in memory object handling. The exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For NeoMutt versions prior to 2018-07-16, update to a version released after 2018-07-16 to resolve the issue. As a temporary workaround, consider restricting access to the `nntp add group` function in the newsrc.c file until a patch is available. Avoid using the `sscanf` function in the affected `nntp add group` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NeoMutt versions prior to 2018-07-16 **Description** The issue is related to errors in handling input data in the nntp.c file of the NeoMutt email client. It may allow a remote attacker to execute arbitrary code if the vulnerability is exploited. The problem arises when memory allocation fails for messages data, but the process continues nonetheless. **Recommendations** For versions prior to 2018-07-16, update to a version released after 2018-07-16 to resolve the issue. As a temporary workaround, consider restricting access to the nntp.c file or disabling its functionality until a patch is available.