Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged
Permalink CVE-2024-49394
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

References

Affected products

mutt

Matching in nixpkgs

pkgs.mutter

Window manager for GNOME

  • nixos-unstable -

pkgs.neomutt

Small but very powerful text-based mail client

pkgs.mutt-ics

Tool to show calendar event details in Mutt

  • nixos-unstable -

pkgs.mutter46

Window manager for GNOME

  • nixos-unstable -

pkgs.mutt-wizard

System for automatically configuring mutt and isync

  • nixos-unstable -

Package maintainers