PT-2020-5911 · Mutt+5

Damian Poddebniak +1 · Published 2020-06-19 · Updated 2025-01-15 · CVE-2020-14954

CVSS v3.1: 5.9 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Mutt versions prior to 1.14.4; NeoMutt versions prior to 2020-06-19
Description: The issue is a STARTTLS buffering problem that affects the IMAP, SMTP, and POP3 protocols. When a server sends a "begin TLS" response, the client reads additional data along with it and later evaluates that data in a TLS context, which can lead to "response injection." This can potentially allow a remote attacker to gain unauthorized access to protected information.
Recommendations: For Mutt versions prior to 1.14.4, update to version 1.14.4 or later. For NeoMutt versions prior to 2020-06-19, update to a version released after 2020-06-19. As a temporary workaround, consider restricting the use of STARTTLS to minimize the risk of exploitation.
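
The buffering flaw in the description, reduced to a client receive buffer, as an added example (not code from Mutt, NeoMutt or this advisory). `struct conn`, the function names and the sample bytes are constructed for illustration; the hardened variant shows one possible check, refusing the upgrade when plaintext is still buffered after the "begin TLS" reply.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical receive buffer for a line-based mail client (names are assumptions). */
struct conn { char buf[256]; size_t len, pos; };

/* Simulates one socket read: everything the peer sent so far lands in the buffer. */
static void conn_fill(struct conn *c, const char *wire) {
    c->len = strlen(wire) < sizeof c->buf ? strlen(wire) : sizeof c->buf;
    memcpy(c->buf, wire, c->len);
    c->pos = 0;
}

/* Pops one LF-terminated line; returns 0, or -1 if no full line is buffered. */
static int conn_readline(struct conn *c, char *out, size_t outsz) {
    char *nl = memchr(c->buf + c->pos, '\n', c->len - c->pos);
    if (!nl) return -1;
    size_t n = (size_t)(nl - (c->buf + c->pos)) + 1;
    if (n >= outsz) return -1;
    memcpy(out, c->buf + c->pos, n);
    out[n] = '\0';
    c->pos += n;
    return 0;
}

/* Flawed upgrade: buffered plaintext survives the switch to TLS.
   Returns how many pre-handshake bytes would be parsed as protected data. */
static size_t starttls_keep_buffer(struct conn *c) {
    /* ... the TLS handshake would run here ... */
    return c->len - c->pos;
}

/* Hardened upgrade: bytes buffered after the "begin TLS" reply are discarded
   and the upgrade is refused, so they are never read in the TLS context. */
static int starttls_checked(struct conn *c) {
    size_t stale = c->len - c->pos;
    c->len = c->pos = 0;
    return stale ? -1 : 0;
}

/* Constructed sample: an IMAP STARTTLS reply with one extra plaintext line behind it. */
static const char SAMPLE[] =
    "a1 OK Begin TLS negotiation now\r\n* OK constructed plaintext line\r\n";

int main(void) {
    struct conn c; char line[128];
    conn_fill(&c, SAMPLE); conn_readline(&c, line, sizeof line);
    printf("flawed: %zu stale bytes kept\n", starttls_keep_buffer(&c));
    printf("checked: %d\n", starttls_checked(&c));
    return 0;
}
```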

Weakness Enumeration

Special Elements Injection

Related Identifiers

ALT-PU-2020-2259
ALT-PU-2020-2756
ALT-PU-2021-1100
BDU:2021-02007
CVE-2020-14954
DLA-2268-1
DLA-2268-2
DSA-4707-1
DSA-4708-1
MGASA-2020-0357
OESA-2022-1561
OPENSUSE-SU-2020:0903-1
OPENSUSE-SU-2020:0915-1
OPENSUSE-SU-2020:2127-1
OPENSUSE-SU-2020:2157-1
OPENSUSE-SU-2020:2158-1
OPENSUSE-SU-2020_0903-1
OPENSUSE-SU-2020_0915-1
OPENSUSE-SU-2020_2127-1
OPENSUSE-SU-2024:11069-1
OPENSUSE-SU-2024:11079-1
SUSE-SU-2020:14414-1
SUSE-SU-2020:1771-1
SUSE-SU-2020:1794-1
USN-4403-1
USN-7204-1

Affected Products

ALT Linux
Linux Mint
Mutt
NeoMutt
SUSE
Ubuntu