CVE-2023-4875 — Undefined Behavior for Input to API in Mutt

CWE-475 — Undefined Behavior for Input to API CWE-476 — NULL Pointer Dereference12 documents9 sources

Severity

5.7MEDIUMNVD

CNA2.2OSV6.5

EPSS

0.0%

top 92.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mutt Debian Linux

Timeline

PublishedSep 9

Latest updateMay 22

Description

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 2.1 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5mutt/mutt1.5.2 — 2.2.12

▶NVDmutt/mutt< 2.2.12

▶Debianmutt/mutt< 2.0.5-4.1+deb11u3+3

▶Ubuntumutt/mutt< 1.13.2-1ubuntu0.6+4

Also affects: Debian Linux 10.0, 11.0, 12.0

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

OSV

mutt vulnerabilities↗2023-10-19

▶

OSV

mutt vulnerabilities↗2023-09-14

▶

GHSA

GHSA-fwwc-f8hw-qfwf: Null pointer dereference when composing from a specially crafted draft message in Mutt >1↗2023-09-09

▶

OSV

CVE-2023-4875: Null pointer dereference when composing from a specially crafted draft message in Mutt >1↗2023-09-09

▶

CVEList

Undefined Behavior for Input to API in Mutt↗2023-09-09

▶

📋Vendor Advisories

Ubuntu

Mutt vulnerabilities↗2023-10-19

▶

Ubuntu

Mutt vulnerabilities↗2023-09-14

▶

Microsoft

Undefined Behavior for Input to API in Mutt↗2023-09-12

▶

Red Hat

mutt: null pointer dereference↗2023-09-09

▶

Debian

CVE-2023-4875: mutt - Null pointer dereference when composing from a specially crafted draft message i...↗2023

▶

💬Community

Bugzilla

CVE-2023-52772 kernel: af_unix: fix use-after-free in unix_stream_read_actor()↗2024-05-22

▶