Untriaged
CVE-2024-49393
7.4 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker who intercepts a message to change their values and include himself as one of the recipients to compromise message confidentiality.
References
- https://access.redhat.com/security/cve/CVE-2024-49393 x_refsource_REDHAT vdb-entry
- RHBZ#2325317 issue-tracking x_refsource_REDHAT
Affected products
mutt
Matching in nixpkgs
pkgs.neomutt
Small but very powerful text-based mail client
- nixos-unstable: -
- nixpkgs-unstable: 20250510
pkgs.mutt-wizard
System for automatically configuring mutt and isync
- nixos-unstable: -
- nixpkgs-unstable: 3.3.1
pkgs.notmuch-mutt
Mutt support for notmuch
- nixos-unstable: -
- nixpkgs-unstable: 0.39
pkgs.font-mutt-misc
ClearU pcf fonts
- nixos-unstable: -
- nixpkgs-unstable: 1.0.4
pkgs.pantheon.mutter
Window manager for GNOME
- nixos-unstable: -
- nixpkgs-unstable: 46.8
pkgs.xorg.fontmuttmisc
ClearU pcf fonts
- nixos-unstable: -
- nixpkgs-unstable: 1.0.4
Package maintainers
- @rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
- @mh182 Max Hofer <mh182@chello.at>
- @SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
- @jtojnar Jan Tojnar <jtojnar@gmail.com>
- @bobby285271 Bobby Rong <rjl931189261@126.com>
- @hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
- @dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
- @davidak David Kleuker <post@davidak.de>
- @erikryb Erik Rybakken <erik.rybakken@math.ntnu.no>
- @RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz>
- @ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
- @peterhoeg Peter Hoeg <peter@hoeg.com>