Flaw: Mutt Controlled IMAP server buffer overflow

According to a new release from Core Labs, “The Mutt Mail User Agent (MUA) has support for accessing remote mailboxes through the IMAP protocol. By controlling a malicious IMAP server and providing a specially crafted folder, an attacker can crash the mail reader and possibly force execution of arbitrary commands on the vulnerable system with the privileges of the user running Mutt.”

Versions of Mutt up to, and including, 1.4.0 (stable) and versions of Mutt up to, and including, 1.5.3 (unstable) are vulnerable.

More information on the flaw, as well as a fix for select versions, is available at: http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about MUA

Show Comments