PT-2024-33505 · Neomutt+5 · Neomutt+5

Published

2024-11-12

Updated

2025-02-24

CVE-2024-49394

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions mutt and neomutt (affected versions not specified)

Description The issue concerns the In-Reply-To email header field in mutt and neomutt, which is not protected by cryptographic signing. This allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

ALT-PU-2024-17105

CVE-2024-49394

MGASA-2025-0070

OPENSUSE-SU-2024:14527-1

USN-7204-1

Affected Products

Alt Linux

Debian

Linuxmint

Ubuntu

Mutt

Neomutt

PT-2024-33505 · Neomutt+5 · Neomutt+5

CVE-2024-49394

Weakness Enumeration

Related Identifiers

Affected Products

References · 45