In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mutt | Mutt | - (including) | - (including) |
Neomutt | Neomutt | - (including) | - (including) |
Mutt | Ubuntu | devel | * |
Mutt | Ubuntu | esm-infra/bionic | * |
Mutt | Ubuntu | esm-infra/xenial | * |
Mutt | Ubuntu | focal | * |
Mutt | Ubuntu | jammy | * |
Mutt | Ubuntu | noble | * |
Mutt | Ubuntu | oracular | * |
Neomutt | Ubuntu | esm-apps/bionic | * |
Neomutt | Ubuntu | esm-apps/focal | * |
Neomutt | Ubuntu | esm-apps/jammy | * |
Neomutt | Ubuntu | esm-apps/noble | * |
Neomutt | Ubuntu | focal | * |
Neomutt | Ubuntu | jammy | * |
Neomutt | Ubuntu | noble | * |
Neomutt | Ubuntu | oracular | * |
Neomutt | Ubuntu | upstream | * |