FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 06:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6eb9cf14-bab0-11ec-8f59-4437e6ad11c4	mutt -- mutt_decode_uuencoded() can read past the of the input line Tavis Ormandy reports: mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys Discovery 2022-04-04 Entry 2022-04-12 mutt < 2.2.3 CVE-2022-1328 https://gitlab.com/muttmua/mutt/-/issues/404
387bbade-5d1d-11eb-bf20-4437e6ad11c4	mutt -- denial of service Tavis Ormandy reports: rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. Discovery 2021-01-17 Entry 2021-01-23 mutt < 2.0.5 https://gitlab.com/muttmua/mutt/-/issues/323 CVE-2021-3181
dc132c91-2b71-11eb-8cfd-4437e6ad11c4	mutt -- authentication credentials being sent over an unencrypted connection Kevin J. McCarthy reports: Mutt had incorrect error handling when initially connecting to an IMAP server, which could result in an attempt to authenticate without enabling TLS. Discovery 2020-11-20 Entry 2020-11-20 mutt < 2.0.2 CVE-2020-28896 https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a

VuXML ID

Description

6eb9cf14-bab0-11ec-8f59-4437e6ad11c4

mutt -- mutt_decode_uuencoded() can read past the of the input line

Tavis Ormandy reports:

mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys

Discovery 2022-04-04
Entry 2022-04-12
mutt

< 2.2.3

CVE-2022-1328
https://gitlab.com/muttmua/mutt/-/issues/404

387bbade-5d1d-11eb-bf20-4437e6ad11c4

mutt -- denial of service

Tavis Ormandy reports:

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.

Discovery 2021-01-17
Entry 2021-01-23
mutt

< 2.0.5

https://gitlab.com/muttmua/mutt/-/issues/323
CVE-2021-3181

dc132c91-2b71-11eb-8cfd-4437e6ad11c4

mutt -- authentication credentials being sent over an unencrypted connection

Kevin J. McCarthy reports:

Mutt had incorrect error handling when initially connecting to an IMAP server, which could result in an attempt to authenticate without enabling TLS.

Discovery 2020-11-20
Entry 2020-11-20
mutt

< 2.0.2

CVE-2020-28896
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a