All errata/sisyphus/ALT-PU-2024-17103-3
ALT-PU-2024-17103-3

Package update neomutt in branch sisyphus

Version20241212-alt1
Task#365086
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (3)

BDU:2025-00230
HIGH7.4

Уязвимость почтовых клиентов Mutt и NeoMutt, связанная с ошибками проверки криптографической подписи, позволяющая нарушителю изменить список доверенных получателей и раскрыть защищаемую информацию

Published: 2025-01-13Modified: 2025-01-19
CVSS 3.xHIGH 7.4
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:N
References
CVE-2024-49393
MEDIUM6.5

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.

Published: 2024-11-12Modified: 2025-07-16
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
References