Undefined Behavior for Input to API in Mutt
CVE-2023-4875

5.7MEDIUM

Key Information:

Vendor

Mutt

Status
Mutt
Vendor
CVE Published:
9 September 2023

What is CVE-2023-4875?

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12

Affected Version(s)

Mutt 1.5.2 < 2.2.12

References

https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7...
https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c61...

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chenyuan Mi
.