CVE-2007-1268 — Mutt vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

1.5%

top 19.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mutt Debian Mutt

Timeline

PublishedMar 6

Latest updateMay 1

Description

Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmutt/mutt1.5.13

▶debiandebian/mutt

🔴Vulnerability Details

GHSA

GHSA-jrvr-vmxj-vvq9: Mutt 1↗2022-05-01

▶

OSV

CVE-2007-1268: Mutt 1↗2007-03-06

▶

📋Vendor Advisories

Debian

CVE-2007-1268: mutt - Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invo...↗2007

▶