CVE-2021-3181

Publication date 19 January 2021

Last updated 24 July 2024


Ubuntu priority

CVSS 3 Severity Score

6.5 · Medium

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.
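One way to screen incoming mail for the pattern described above before a mail client opens the mailbox, as an added example (not code from Mutt or Ubuntu): it counts unquoted semicolons, the RFC 822 group terminators, in address headers. The header list, the threshold of 16 and both sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

# Address-bearing headers to inspect (assumed list, extend as needed).
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "To", "Cc", "Bcc")
# Assumed threshold: legitimate mail rarely names more than a few groups.
MAX_SEMICOLONS = 16


def count_group_terminators(value):
    """Count ';' outside quoted strings and (comments) in one header value."""
    count, in_quote, depth, escaped = 0, False, 0, False
    for ch in value:
        if escaped:                      # character after a backslash
            escaped = False
        elif ch == "\\":
            escaped = True
        elif in_quote:                   # inside "...": only '"' ends it
            in_quote = ch != '"'
        elif ch == '"' and depth == 0:
            in_quote = True
        elif ch == "(":                  # RFC 822 comments may nest
            depth += 1
        elif ch == ")" and depth > 0:
            depth -= 1
        elif ch == ";" and depth == 0:
            count += 1
    return count


def suspicious_headers(raw, limit=MAX_SEMICOLONS):
    """Return [(header, semicolon_count)] for headers over the limit."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    hits = []
    for name in ADDRESS_HEADERS:
        for value in msg.get_all(name, []):
            n = count_group_terminators(str(value))
            if n > limit:
                hits.append((name, n))
    return hits


# Constructed samples: one ordinary message with a real empty group and a
# quoted semicolon, and one with a long run of empty-group terminators.
BENIGN = (b'From: "Doe; John" <john@example.org>\r\n'
          b"To: undisclosed-recipients:;\r\nSubject: hi\r\n\r\nbody\r\n")
FLAGGED = (b"From: a@example.org\r\nTo: " + b";" * 40 +
           b"\r\nSubject: x\r\n\r\nbody\r\n")

if __name__ == "__main__":
    print(suspicious_headers(BENIGN), suspicious_headers(FLAGGED))
```

A delivery-time filter can quarantine messages for which `suspicious_headers` returns a non-empty list, which keeps the rest of the mailbox readable on hosts that have not yet received the fixed package.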

Status

Package Ubuntu Release Status
mutt 20.10 groovy Fixed 1.14.6-1ubuntu0.2
mutt 20.04 LTS focal Fixed 1.13.2-1ubuntu0.4
mutt 18.04 LTS bionic Fixed 1.9.4-3ubuntu0.5
mutt 16.04 LTS xenial Fixed 1.5.24-1ubuntu0.6
mutt 14.04 LTS trusty Not in release

Severity score breakdown

Parameter Value
Base score 6.5 · Medium
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H