Remote attackers can cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see other email messages. Reference: https://gitlab.com/muttmua/mutt/-/issues/323
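A triage check for the pattern described above, as an added example (not code from mutt, the upstream report, or Red Hat): it flags messages whose address header fields contain a run of semicolons. The `max_run` threshold, the list of header fields, and both sample messages are assumptions constructed for illustration.

```python
import re
from email.parser import BytesHeaderParser
from email.policy import compat32

# Header fields that carry RFC822 address lists (assumed set for this check).
ADDRESS_FIELDS = ("From", "Sender", "Reply-To", "To", "Cc", "Bcc",
                  "Resent-From", "Resent-To", "Resent-Cc")

# One or more ';' separated only by whitespace (covers folded header lines).
SEMI_RUN = re.compile(r";(?:\s*;)*")


def longest_semicolon_run(value):
    """Number of ';' in the longest whitespace-separated run within value."""
    return max((m.group().count(";") for m in SEMI_RUN.finditer(value)), default=0)


def suspicious_address_fields(raw_message, max_run=3):
    """Return (field, run_length) for address fields exceeding max_run.

    A legitimate empty group such as 'undisclosed-recipients:;' has a run
    of 1; max_run=3 is an assumed tolerance, not a value from the advisory.
    Only headers are parsed, and no address parsing is attempted.
    """
    msg = BytesHeaderParser(policy=compat32).parsebytes(raw_message)
    findings = []
    for name in ADDRESS_FIELDS:
        for value in msg.get_all(name, []):
            run = longest_semicolon_run(str(value))
            if run > max_run:
                findings.append((name, run))
    return findings


# Constructed sample messages (not taken from any real report).
BENIGN = (b"From: alice@example.org\r\n"
          b"To: undisclosed-recipients:;\r\n"
          b"Subject: hello\r\n\r\nbody\r\n")
MALFORMED = (b"From: mallory@example.net\r\n"
             b"To: " + b";" * 64 + b"\r\n"
             b"Cc: a:;;;\r\n ;;;\r\n"
             b"Subject: hi\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("malformed", MALFORMED)):
        print(label, suspicious_address_fields(raw))
```

Such a check can run in a mail filter ahead of delivery on systems that cannot yet take the fixed mutt package; it does not replace the update.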
Created mutt tracking bugs for this issue: Affects: fedora-all [bug 1920451]
Upstream commit: https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17 Note that the upstream report points out additional fixes that were made to further reduce memory usage when parsing malformed messages.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4181 https://access.redhat.com/errata/RHSA-2021:4181
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3181