CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
85.5%
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of
service (mailbox unavailability) by sending email messages with sequences
of semicolon characters in RFC822 address fields (aka terminators of empty
groups). A small email message from the attacker can cause large memory
consumption, and the victim may then be unable to see email messages from
other persons.
www.openwall.com/lists/oss-security/2021/01/19/10
gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
gitlab.com/muttmua/mutt/-/commit/939b02b33ae29bc0d642570c1dcfd4b339037d19
gitlab.com/muttmua/mutt/-/commit/d4305208955c5cdd9fe96dfa61e7c1e14e176a14
gitlab.com/muttmua/mutt/-/issues/323
launchpad.net/bugs/cve/CVE-2021-3181
nvd.nist.gov/vuln/detail/CVE-2021-3181
security-tracker.debian.org/tracker/CVE-2021-3181
ubuntu.com/security/notices/USN-4703-1
www.cve.org/CVERecord?id=CVE-2021-3181
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
85.5%