Описание
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.9.4-3ubuntu0.3 |
| devel | not-affected | 1.14.4-2 |
| eoan | released | 1.10.1-2.1ubuntu0.2 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 1.9.4-3ubuntu0.3 |
| esm-infra/focal | released | 1.13.2-1ubuntu0.2 |
| esm-infra/xenial | released | 1.5.24-1ubuntu0.4 |
| focal | released | 1.13.2-1ubuntu0.2 |
| groovy | not-affected | 1.14.4-2 |
| hirsute | not-affected | 1.14.4-2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 20200619+dfsg.1-1 |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 20171215+dfsg.1-1ubuntu0.1~esm1 |
| esm-apps/focal | released | 20191207+dfsg.1-1.1ubuntu0.1~esm1 |
| esm-apps/jammy | not-affected | 20200619+dfsg.1-1 |
| esm-apps/noble | not-affected | 20200619+dfsg.1-1 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
| groovy | not-affected | 20200619+dfsg.1-1 |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffe ...
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
Уязвимость почтовых клиентов Mutt и NeoMutt, связанная с недостатками процедуры нейтрализации особых элементов в выходных данных, используемых входящим компонентом, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3