CVE-2020-14154 — Improper Verification of Cryptographic Signature in Mutt

CWE-347 — Improper Verification of Cryptographic Signature10 documents8 sources

Severity

4.8MEDIUMNVD

OSV5.9

EPSS

0.7%

top 28.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mutt Neomutt Canonical Ubuntu Linux

Timeline

PublishedJun 15

Latest updateMay 24

Description

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages4 packages

▶NVDmutt/mutt< 1.14.3

▶Debianmutt/mutt< 1.14.3-1+3

▶Ubuntumutt/mutt< 1.5.24-1ubuntu0.3+2

▶Debianneomutt/neomutt< 20200619+dfsg.1-1+3

Also affects: Ubuntu Linux 12.04, 16.04, 18.04, 19.10, 20.04

🔴Vulnerability Details

GHSA

GHSA-v3gg-5crq-w4vj: Mutt before 1↗2022-05-24

▶

OSV

mutt vulnerabilities↗2020-06-22

▶

OSV

CVE-2020-14154: Mutt before 1↗2020-06-15

▶

CVEList

CVE-2020-14154: Mutt before 1↗2020-06-15

▶

📋Vendor Advisories

Ubuntu

Mutt vulnerabilities↗2020-06-22

▶

Red Hat

mutt: TLS mishandling during connection↗2020-06-15

▶

Debian

CVE-2020-14154: mutt - Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS c...↗2020

▶

💬Community

Bugzilla

CVE-2020-14154 mutt: TLS mishandling during connection [fedora-all]↗2020-06-18

▶

Bugzilla

CVE-2020-14154 mutt: TLS mishandling during connection↗2020-06-18

▶