Vulnerability Name:

CVE-2021-32055 (CCN-201298)

Assigned:2021-05-04
Published:2021-05-04
Updated:2021-06-01
Summary:Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma.
Note: the $imap_qresync setting for QRESYNC is not enabled by default.
CVSS v3 Severity:9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): High
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-125
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-32055

Source: MISC
Type: Mailing List, Vendor Advisory
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html

Source: XF
Type: UNKNOWN
mutt-cve202132055-dos(201298)

Source: CCN
Type: Mutt GIT Repository
Fix seqset iterator when it ends in a comma

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc

Source: MISC
Type: Patch, Third Party Advisory
https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5

Source: GENTOO
Type: Third Party Advisory
GLSA-202105-05

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mutt:mutt:*:*:*:*:*:*:*:* (Version >= 1.11.0 and < 2.0.7)
  • OR cpe:/a:neomutt:neomutt:*:*:*:*:*:*:*:* (Version >= 20191025 and <= 20210504)

    • Configuration CCN 1:
  • cpe:/a:mutt:mutt:1.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:neomutt:neomutt:2019-10-25:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:405
    P
    		Security update for neomutt (Moderate)
    2022-06-21
    oval:org.opensuse.security:def:113005
    P
    		mutt-2.0.7-2.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:113021
    P
    		neomutt-20211029-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106451
    P
    		Security update for tomcat (Important)
    2021-11-16
    BACK
    mutt mutt *
    neomutt neomutt *
    mutt mutt 1.11.0
    neomutt neomutt 2019-10-25