CVE-2021-32055

CRITICAL
Published May 5, 2021 (5y ago) · Modified Jun 17, 2026 (2w ago)
9.1 CVSS 3.1

Description

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.

CVSS Details

Base Score: 9.1
Exploitability: 3.9
Impact: 5.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125: Out-of-bounds Read (Memory Safety)

Affected Products 2

Vendor   Product  Version  Range
mutt     mutt     *        ≥1.11.0 – <2.0.7
neomutt  neomutt  *        ≥20191025 – ≤20210504

References 4

  • lists.mutt.org http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html
    Mailing List, Vendor Advisory
  • github.com https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
    Patch, Third Party Advisory
  • gitlab.com https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5
    Patch, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/202105-05
    Third Party Advisory

Remediation

  • github.com https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
    Patch, Third Party Advisory
  • gitlab.com https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5
    Patch, Third Party Advisory