Remote attackers can cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see other email messages.
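A defensive check for the input described above, as an added example that is not part of the original report or of mutt's code: it counts semicolons in address headers that do not close an open `name:` group, which is what a run of empty-group terminators looks like on the wire. The header list, the `MAX_STRAY` threshold and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.policy import compat32

# Assumed header set and alert threshold; tune both for your own mail flow.
ADDRESS_FIELDS = {"from", "sender", "reply-to", "to", "cc", "bcc",
                  "resent-from", "resent-to", "resent-cc", "resent-bcc"}
MAX_STRAY = 8

def stray_terminators(value):
    """Count ';' that close no open group, skipping quoted strings and comments."""
    stray, in_quote, depth, group_open, i = 0, False, 0, False, 0
    while i < len(value):
        c = value[i]
        if c == "\\" and (in_quote or depth):
            i += 2                      # skip the escaped character
            continue
        if in_quote:
            in_quote = c != '"'
        elif depth:
            depth += (c == "(") - (c == ")")   # nested RFC 822 comments
        elif c == '"':
            in_quote = True
        elif c == "(":
            depth = 1
        elif c == ":":
            group_open = True           # a colon inside a domain literal only undercounts
        elif c == ";":
            if group_open:
                group_open = False      # legitimate group terminator
            else:
                stray += 1              # terminator of an empty, unnamed group
        i += 1
    return stray

def scan_message(raw, limit=MAX_STRAY):
    """Return {header: stray count} for address headers above the limit."""
    msg = message_from_bytes(raw, policy=compat32)
    hits = {}
    for name, value in msg.items():
        if name.lower() in ADDRESS_FIELDS:
            n = stray_terminators(str(value))
            if n > limit:
                hits[name] = hits.get(name, 0) + n
    return hits

# Constructed sample messages (not taken from the report).
SAMPLE_OK = (b"From: a@example.org\r\nTo: undisclosed-recipients:;\r\n"
             b"Subject: hi; there\r\n\r\nbody\r\n")
SAMPLE_BAD = (b"From: a@example.org\r\nCc: " + b";" * 2000 +
              b"\r\nSubject: x\r\n\r\nbody\r\n")
```

A check like this fits in a delivery-time filter or a mailbox audit, so a flagged message can be quarantined before an unpatched client parses it.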
Created mutt tracking bugs for this issue:
Affects: fedora-all [bug 1920451]
Note that the upstream report points out additional fixes that were made to further reduce memory usage when parsing malformed messages.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4181 https://access.redhat.com/errata/RHSA-2021:4181
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):