CVE-2020-14954
Published: Jun 21, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| DSA-4707 | vendor-advisory, x_refsource_DEBIAN |
| http://www.mutt.org/ | x_refsource_MISC |
| https://gitlab.com/muttmua/mutt/-/issues/248 | x_refsource_MISC |
| https://github.com/neomutt/neomutt/releases/tag/20200619 | x_refsource_MISC |
| DSA-4708 | vendor-advisory, x_refsource_DEBIAN |
| openSUSE-SU-2020:0903 | vendor-advisory, x_refsource_SUSE |
| openSUSE-SU-2020:0915 | vendor-advisory, x_refsource_SUSE |
| [debian-lts-announce] 20200630 [SECURITY] [DLA 2268-1] mutt security update | mailing-list, x_refsource_MLIST |
| [debian-lts-announce] 20200630 [SECURITY] [DLA 2268-2] mutt regression update | mailing-list, x_refsource_MLIST |
| FEDORA-2020-1cb4c3697b | vendor-advisory, x_refsource_FEDORA |
| USN-4403-1 | vendor-advisory, x_refsource_UBUNTU |
| FEDORA-2020-31af2ac7fd | vendor-advisory, x_refsource_FEDORA |
| GLSA-202007-57 | vendor-advisory, x_refsource_GENTOO |