In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
Weakness
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mutt | Mutt | - (including) | - (including) |
| Neomutt | Neomutt | - (including) | - (including) |
| Mutt | Ubuntu | devel | * |
| Mutt | Ubuntu | esm-infra/bionic | * |
| Mutt | Ubuntu | esm-infra/focal | * |
| Mutt | Ubuntu | esm-infra/xenial | * |
| Mutt | Ubuntu | focal | * |
| Mutt | Ubuntu | jammy | * |
| Mutt | Ubuntu | noble | * |
| Mutt | Ubuntu | oracular | * |
| Mutt | Ubuntu | plucky | * |
| Mutt | Ubuntu | questing | * |
| Neomutt | Ubuntu | esm-apps/bionic | * |
| Neomutt | Ubuntu | esm-apps/focal | * |
| Neomutt | Ubuntu | esm-apps/jammy | * |
| Neomutt | Ubuntu | esm-apps/noble | * |
| Neomutt | Ubuntu | focal | * |
| Neomutt | Ubuntu | jammy | * |
| Neomutt | Ubuntu | noble | * |
| Neomutt | Ubuntu | oracular | * |
| Neomutt | Ubuntu | upstream | * |