CVE-2024-49393

Published: 12 Nov 2024
Source: debian

Description

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.

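Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| mutt | unfixed | | | package |
| neomutt | fixed | 20241002+dfsg-1 | | package |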

Notes

  • https://bugzilla.redhat.com/show_bug.cgi?id=2325317

  • https://gitlab.com/muttmua/mutt/-/issues/490

  • Mutt project does not plan to address CVE-2024-49393, CVE-2024-49394, CVE-2024-49395, cf. https://gitlab.com/muttmua/mutt/-/issues/490#note_2209448655 . Issues with documented through http://mutt.org/doc/manual/#crypt-protected-headers-read

  • https://github.com/neomutt/neomutt/issues/4223

  • Protected since: https://github.com/neomutt/neomutt/commit/913a991a5a8a000c0acc761dd8c9b76eefabfbea (20241002)

  • Reading protected value since: https://github.com/neomutt/neomutt/commit/06f8ff5a97ecc4763d52f75b9aedf80578fe1404 (20241002)

  • Protected headers introduced in mutt 1.12

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 1 year ago

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.

CVSS3: 6.5
redhat
about 1 year ago

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.

CVSS3: 6.5
nvd
about 1 year ago

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.

CVSS3: 7.4
github
about 1 year ago

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.

CVSS3: 7.4
fstec
more than 1 year ago

Vulnerability in the Mutt and NeoMutt mail clients related to errors in cryptographic signature verification, allowing an attacker to modify the list of trusted recipients and disclose protected information