rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:37
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-401 |
17 Feb 2021, 17:08
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2OMLQKAOHPYQA4GI7ZUO6UKCPUHLYO7/ - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/01/27/3 - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXGWXFO77HBCD3VYEIYHHYU33LYWWWNQ/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
10 Feb 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jan 2021, 19:59
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:* |
|
References |
|
|
References | (MISC) https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17 - Patch, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/01/19/10 - Mailing List, Third Party Advisory | |
References | (MISC) https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19 - Patch, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html - Mailing List, Third Party Advisory | |
References | (MISC) https://gitlab.com/muttmua/mutt/-/issues/323 - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4838 - Third Party Advisory | |
References | (MISC) https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14 - Patch, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202101-25 - Third Party Advisory | |
CWE | CWE-400 |
26 Jan 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jan 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jan 2021, 16:13
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-19 15:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3181
Mitre link : CVE-2021-3181
CVE.ORG link : CVE-2021-3181
JSON object : View
Products Affected
fedoraproject
- fedora
debian
- debian_linux
mutt
- mutt
CWE
CWE-401
Missing Release of Memory after Effective Lifetime