PublicDateAtUSN: 2021-01-19 15:15:00 UTC
Candidate: CVE-2021-3181
PublicDate: 2021-01-19 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3181
 https://gitlab.com/muttmua/mutt/-/issues/323
 https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
 http://www.openwall.com/lists/oss-security/2021/01/19/10
 https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19
 https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14
 https://ubuntu.com/security/notices/USN-4703-1
Description:
 rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of
 service (mailbox unavailability) by sending email messages with sequences of
 semicolon characters in RFC822 address fields (aka terminators of empty
 groups). A small email message from the attacker can cause large memory
 consumption, and the victim may then be unable to see email messages from
 other persons.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980326
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_mutt:
upstream_mutt: needs-triage
precise/esm_mutt: ignored
trusty_mutt: ignored (out of standard support)
trusty/esm_mutt: DNE
xenial_mutt: released (1.5.24-1ubuntu0.6)
esm-infra/xenial_mutt: released (1.5.24-1ubuntu0.6)
bionic_mutt: released (1.9.4-3ubuntu0.5)
focal_mutt: released (1.13.2-1ubuntu0.4)
groovy_mutt: released (1.14.6-1ubuntu0.2)
devel_mutt: released (2.0.5-1)