CVE-2024-49394Improper Verification of Cryptographic Signature in Redhat Enterprise Linux

CWE-347Improper Verification of Cryptographic Signature7 documents7 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 75.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
NeomuttRedhat Enterprise Linux
Timeline
PublishedNov 12
Latest updateJan 15

Description

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

Debianneomutt/neomutt< 20241002+dfsg-1+1

Also affects: Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

3
CVEList
Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing2024-11-12
GHSA
GHSA-q998-8jff-x3rg: In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but2024-11-12
OSV
CVE-2024-49394: In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but2024-11-12

📋Vendor Advisories

3
Ubuntu
NeoMutt vulnerabilities2025-01-15
Red Hat
mutt: neomutt: In-Reply-To email header field it not protected by cryptograpic signing2024-11-11
Debian
CVE-2024-49394: mutt - In mutt and neomutt the In-Reply-To email header field is not protected by crypt...2024
CVE-2024-49394 — Redhat Enterprise Linux vulnerability | cvebase