Bugzilla – Bug 1181221
VUL-0: CVE-2021-3181: mutt,neomutt: recipient parsing memory leak
Last modified: 2024-05-10 12:20:14 UTC
CVE-2021-3181

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3181
http://seclists.org/oss-sec/2021/q1/58
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3181
https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
https://gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19
https://gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14
https://gitlab.com/muttmua/mutt/-/issues/323
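
A defensive check for the pattern named in the CVE text, added here as an example (not code from Mutt or from this bug report): it counts group terminators (`;`) outside quoted strings and comments in a message's address headers and reports headers above a threshold. The function names, the header list, the threshold of 16 and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Address headers to inspect (assumed list; extend for local needs).
ADDRESS_HEADERS = ("From", "To", "Cc", "Bcc", "Reply-To", "Sender")
MAX_TERMINATORS = 16  # assumed threshold, not a value from the advisory


def count_group_terminators(value: str) -> int:
    """Count ';' characters outside quoted strings and nested comments."""
    count = 0
    in_quote = False
    comment_depth = 0
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and (in_quote or comment_depth):
            i += 2  # skip a quoted-pair such as \" or \)
            continue
        if in_quote:
            in_quote = ch != '"'
        elif comment_depth:
            comment_depth += (ch == "(") - (ch == ")")
        elif ch == '"':
            in_quote = True
        elif ch == "(":
            comment_depth = 1
        elif ch == ";":
            count += 1
        i += 1
    return count


def suspicious_headers(raw: bytes, limit: int = MAX_TERMINATORS):
    """Return (header, terminator_count) pairs that exceed the limit."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    hits = []
    for name in ADDRESS_HEADERS:
        for value in msg.get_all(name, []):
            n = count_group_terminators(str(value))
            if n > limit:
                hits.append((name, n))
    return hits


# Constructed sample: one ordinary group in Cc, a run of terminators in To.
SAMPLE = (b"From: alice@example.org\r\n"
          b"To: " + b";" * 40 + b"\r\n"
          b'Cc: team: bob@example.org;, "a;b" <d@example.org>\r\n'
          b"Subject: constructed sample\r\n\r\nbody\r\n")
```

Such a check can run in a delivery filter ahead of the mail client on systems that cannot yet take the fixed package.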
tracking as affected:

- SUSE:SLE-11:Update/mutt
- SUSE:SLE-12:Update/mutt
- SUSE:SLE-15:Update/mutt
(In reply to Robert Frohl from comment #1)
> tracking as affected:
>
> - SUSE:SLE-11:Update/mutt
> - SUSE:SLE-12:Update/mutt
> - SUSE:SLE-15:Update/mutt

and factory as well
Fixed in mutt 2.0.5
https://build.opensuse.org/request/show/866082

cc neomutt maintainers
SUSE-SU-2021:0195-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1181221
CVE References: CVE-2021-3181
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): mutt-1.10.1-3.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0196-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1181221
CVE References: CVE-2021-3181
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): mutt-1.10.1-55.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
+Fri Jan 22 16:52:40 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> + +- mutt 2.0.5: + * CVE-2021-3181: recipient parsing memory leak (boo#1181221) + * fix other memory leak in IMAP code + * Fix color overlay when HAVE_COLOR is unset Thanks Andreas!
openSUSE-SU-2021:0161-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1181221
CVE References: CVE-2021-3181
JIRA References:
Sources used:
openSUSE Leap 15.1 (src): mutt-1.10.1-lp151.2.15.1
openSUSE-SU-2021:0162-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1181221
CVE References: CVE-2021-3181
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): mutt-1.10.1-lp152.3.15.1
This is an autogenerated message for OBS integration:
This bug (1181221) was mentioned in
https://build.opensuse.org/request/show/1114300 Factory / mutt