Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-49395

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 6 months ago

Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

References

https://access.redhat.com/security/cve/CVE-2024-49395 x_refsource_REDHAT vdb-entry
RHBZ#2325332 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-49395 x_refsource_REDHAT vdb-entry
RHBZ#2325332 issue-tracking x_refsource_REDHAT
RHBZ#2325332 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-49395 x_refsource_REDHAT vdb-entry
RHBZ#2325332 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-49395 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-49395 x_refsource_REDHAT vdb-entry
RHBZ#2325332 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-49395 x_refsource_REDHAT vdb-entry
RHBZ#2325332 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-49395 x_refsource_REDHAT vdb-entry
RHBZ#2325332 issue-tracking x_refsource_REDHAT

Affected products

mutt

Matching in nixpkgs

pkgs.mutter

Window manager for GNOME

nixos-unstable -
- nixpkgs-unstable 48.4

pkgs.neomutt

Small but very powerful text-based mail client

nixos-unstable -
- nixpkgs-unstable 20250510

pkgs.mutt-ics

Tool to show calendar event details in Mutt

nixos-unstable -
- nixpkgs-unstable 0.9.2

pkgs.mutter46

Window manager for GNOME

nixos-unstable -
- nixpkgs-unstable 46.8

pkgs.mutt-wizard

System for automatically configuring mutt and isync

nixos-unstable -
- nixpkgs-unstable 3.3.1

pkgs.notmuch-mutt

Mutt support for notmuch

nixos-unstable -
- nixpkgs-unstable 0.39

pkgs.font-mutt-misc

ClearU pcf fonts

nixos-unstable -
- nixpkgs-unstable 1.0.4

pkgs.pantheon.mutter

Window manager for GNOME

nixos-unstable -
- nixpkgs-unstable 46.8

pkgs.xorg.fontmuttmisc

ClearU pcf fonts

nixos-unstable -
- nixpkgs-unstable 1.0.4

pkgs.vimPlugins.nvim-treesitter-parsers.muttrc

None

nixos-unstable -
- nixpkgs-unstable

Package maintainers

@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@mh182 Max Hofer <mh182@chello.at>
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@davidak David Kleuker <post@davidak.de>
@erikryb Erik Rybakken <erik.rybakken@math.ntnu.no>
@RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
@peterhoeg Peter Hoeg <peter@hoeg.com>

Nixpkgs Security Tracker

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.mutter

pkgs.neomutt

pkgs.mutt-ics

pkgs.mutter46

pkgs.mutt-wizard

pkgs.notmuch-mutt

pkgs.font-mutt-misc

pkgs.pantheon.mutter

pkgs.mutt-with-sidebar

pkgs.xorg.fontmuttmisc

pkgs.vimPlugins.nvim-treesitter-parsers.muttrc

Package maintainers