Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12
Weakness
The behavior of this function is undefined unless its control parameter is set to a specific value.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mutt | Mutt | 1.5.2 (excluding) | 2.2.12 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | mutt-5:2.0.7-3.el8 | * |
| Red Hat Enterprise Linux 9 | RedHat | mutt-5:2.2.6-2.el9 | * |
| Mutt | Ubuntu | bionic | * |
| Mutt | Ubuntu | esm-infra/bionic | * |
| Mutt | Ubuntu | esm-infra/focal | * |
| Mutt | Ubuntu | esm-infra/xenial | * |
| Mutt | Ubuntu | focal | * |
| Mutt | Ubuntu | jammy | * |
| Mutt | Ubuntu | lunar | * |
| Mutt | Ubuntu | mantic | * |
| Mutt | Ubuntu | trusty | * |
| Mutt | Ubuntu | upstream | * |
| Mutt | Ubuntu | xenial | * |
References
- https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch
- https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch
- http://www.openwall.com/lists/oss-security/2023/09/26/6
- https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch
- https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch
- https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html
- https://www.debian.org/security/2023/dsa-5494