Описание
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mutt | unfixed | package | ||
| neomutt | fixed | 20241002+dfsg-1 | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2325330
https://gitlab.com/muttmua/mutt/-/issues/490
Mutt project does not plan to address CVE-2024-49393, CVE-2024-49394, CVE-2024-49395
cf. https://gitlab.com/muttmua/mutt/-/issues/490#note_2209448655 . Issues with documented
through http://mutt.org/doc/manual/#crypt-protected-headers-read
https://github.com/neomutt/neomutt/issues/4226
Protected since: https://github.com/neomutt/neomutt/commit/13cfc6f98322eafdc30ecc4c15999d401950a1d9 (20241002)
Reading protected value since: https://github.com/neomutt/neomutt/commit/ec02b141983c70ae7ebee0cdfba59e90a825f0cc (20241002)
These are longstanding limitations of PGP-encrypted mail and rather enhancements
than actual vulnerabilities
Protected headers introduced in mutt 1.12
EPSS
Связанные уязвимости
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
EPSS