PT-2021-3614 · Mutt+8

Tavis Ormandy · Published 2021-01-17 · Updated 2024-06-15 · CVE-2021-3181

CVSS v3.1

6.5 Medium

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Mutt versions through 2.0.4

Description

The issue is related to the incorrect handling of sequences of semicolon characters in RFC822 address fields by the rfc822.c component of the Mutt email client. This can be exploited by a remote attacker to cause a denial of service, resulting in mailbox unavailability. The attacker can send email messages with sequences of semicolon characters, leading to large memory consumption. As a result, the victim may be unable to see email messages from other persons.

Recommendations

For versions through 2.0.4, consider disabling the handling of semicolon characters in RFC822 address fields as a temporary workaround until a patch is available. Restrict access to the rfc822.c component to minimize the risk of exploitation. Avoid processing email messages with suspicious sequences of semicolon characters in address fields until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
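
One way to act on the recommendation to avoid processing messages with suspicious semicolon sequences is a pre-delivery check on the raw headers. The sketch below is an added example, not code from this advisory or from Mutt; the function names, the header list and the threshold of 8 are assumptions, and the sample messages are constructed.

```python
import email
import re

# Header fields that carry RFC 822 address lists.
ADDRESS_FIELDS = {"from", "sender", "reply-to", "to", "cc", "bcc",
                  "resent-from", "resent-to", "resent-cc", "resent-bcc"}
MAX_SEMICOLON_RUN = 8  # assumed threshold; tune for your mail flow

# A ';' inside a quoted string or a comment is not a group terminator,
# so both are stripped before counting.
_QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
_COMMENT = re.compile(r'\((?:\\.|[^()\\])*\)')
_RUN = re.compile(r';(?:\s*;)*')  # semicolons separated only by whitespace


def longest_semicolon_run(value):
    """Return the longest run of consecutive ';' in an address field value."""
    value = _QUOTED.sub('""', value)
    prev = None
    while prev != value:  # peel nested comments from the inside out
        prev, value = value, _COMMENT.sub(" ", value)
    return max((m.group().count(";") for m in _RUN.finditer(value)), default=0)


def suspicious_address_headers(raw_message):
    """Return (header name, run length) for address fields over the threshold."""
    # The default compat32 policy returns header values without parsing addresses.
    msg = email.message_from_bytes(raw_message)
    hits = []
    for name, value in msg.items():
        if name.lower() in ADDRESS_FIELDS:
            run = longest_semicolon_run(str(value))
            if run > MAX_SEMICOLON_RUN:
                hits.append((name, run))
    return hits


# Constructed samples: a legitimate group address and a semicolon flood.
BENIGN = (b'From: alice@example.org\r\n'
          b'To: team: bob@example.org, "x;;;;;;;;;;;;" <c@example.org>;\r\n'
          b'Subject: hi\r\n\r\nbody\r\n')
FLOOD = (b"From: a@example.org\r\nTo: " + b";" * 5000 +
         b"\r\nSubject: ;;;;;;;;;;;;;;;;;;;;\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("flood", FLOOD)):
        print(label, suspicious_address_headers(raw))
```

Messages that the check flags can be quarantined before they reach a mailbox that an affected Mutt version will open.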

DoS

Resource Exhaustion

Memory Leak


Weakness Enumeration

Related Identifiers

ALSA-2021:4181
ALT-PU-2021-1100
BDU:2021-03747
CESA-2021_4181
CVE-2021-3181
DLA-2529-1
DSA-4838-1
MGASA-2021-0070
OESA-2021-1079
OPENSUSE-SU-2021:0161-1
OPENSUSE-SU-2021:0162-1
OPENSUSE-SU-2021_0161-1
OPENSUSE-SU-2021_0162-1
OPENSUSE-SU-2024:11069-1
RHSA-2021:4181
RHSA-2021_4181
RLSA-2021:4181
SUSE-SU-2021:0195-1
SUSE-SU-2021:0196-1
SUSE-SU-2021_0195-1
SUSE-SU-2021_0196-1
USN-4703-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Mutt
Red Hat
Rocky Linux
Suse
Ubuntu