CVE Vulnerabilities

CVE-2024-49394

Improper Verification of Cryptographic Signature

Published: Nov 12, 2024 | Modified: Nov 14, 2024
CVSS 3.x: N/A (Source: NVD)
CVSS 2.x
RedHat/V2
RedHat/V3: 5.3 LOW, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Ubuntu: LOW

In mutt and neomutt, the In-Reply-To email header field is not protected by cryptographic signing, which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name     Vendor   Start Version      End Version
Mutt     Mutt     - (including)      - (including)
Neomutt  Neomutt  - (including)      - (including)
Mutt     Ubuntu   devel              *
Mutt     Ubuntu   esm-infra/bionic   *
Mutt     Ubuntu   esm-infra/xenial   *
Mutt     Ubuntu   focal              *
Mutt     Ubuntu   jammy              *
Mutt     Ubuntu   noble              *
Mutt     Ubuntu   oracular           *
Neomutt  Ubuntu   esm-apps/bionic    *
Neomutt  Ubuntu   esm-apps/focal     *
Neomutt  Ubuntu   esm-apps/jammy     *
Neomutt  Ubuntu   esm-apps/noble     *
Neomutt  Ubuntu   focal              *
Neomutt  Ubuntu   jammy              *
Neomutt  Ubuntu   noble              *
Neomutt  Ubuntu   oracular           *
Neomutt  Ubuntu   upstream           *
