CVE-2021-32055

Name of the Vulnerable Software and Affected Versions Mutt versions 1.11.0 through 2.0.x before 2.0.7 NeoMutt versions 2019-10-25 through 2021-05-04

Description The issue is related to incorrect handling of an IMAP sequence set that ends with a comma in the imap/util.c component of Mutt and NeoMutt email clients. This can allow a remote attacker to access confidential data and cause a denial of service. The $imap qresync setting for QRESYNC is not enabled by default.

Recommendations For Mutt versions 1.11.0 through 2.0.x before 2.0.7, update to version 2.0.7 or later. For NeoMutt versions 2019-10-25 through 2021-05-04, update to a version later than 2021-05-04. As a temporary workaround, consider disabling the $imap qresync setting until a patch is available.