PT-2026-36772 · Mutt · Mutt
Evilrabbit
·
Published
2026-05-04
·
Updated
2026-05-09
·
CVE-2026-43859
CVSS v3.1
3.7
Low
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
mutt versions prior to 2.3.2
Description
The software sometimes uses the
strfcpy() function instead of memcpy() when handling the IMAP auth cram MD5 digest. This occurs during the authentication process for IMAP servers using the CRAM-MD5 mechanism.Recommendations
Update to version 2.3.2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mutt