{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4875", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2023-09-09T12:01:14.019Z", "datePublished": "2023-09-09T14:30:24.864Z", "dateUpdated": "2024-08-30T15:14:47.158Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mutt", "vendor": "Mutt", "versions": [{"lessThan": "2.2.12", "status": "affected", "version": "1.5.2", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Chenyuan Mi"}], "descriptions": [{"lang": "en", "value": "Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-475", "description": "CWE-475: Undefined Behavior for Input to API", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-08-29T15:04:50.526Z"}, "references": [{"url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch"}, {"url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch"}], "solutions": [{"lang": "en", "value": "Upgrade to version 2.2.12"}], "title": "Undefined Behavior for Input to API in Mutt"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.765Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5494", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/26/6", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T15:14:35.816969Z", "id": "CVE-2023-4875", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T15:14:47.158Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5494", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/26/6", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.765Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4875", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-30T15:14:35.816969Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T15:14:41.683Z"}}], "cna": {"title": "Undefined Behavior for Input to API in Mutt", "credits": [{"lang": "en", "type": "finder", "value": "Chenyuan Mi"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.2, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Mutt", "product": "Mutt", "versions": [{"status": "affected", "version": "1.5.2", "lessThan": "2.2.12", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 2.2.12"}], "references": [{"url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch"}, {"url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch"}], "descriptions": [{"lang": "en", "value": "Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-475", "description": "CWE-475: Undefined Behavior for Input to API"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-08-29T15:04:50.526Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4875", "state": "PUBLISHED", "dateUpdated": "2024-08-30T15:14:47.158Z", "dateReserved": "2023-09-09T12:01:14.019Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2023-09-09T14:30:24.864Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "matchCriteriaId": "A42057D9-7C22-41AA-AD4F-040CE0B8CD4E", "versionEndExcluding": "2.2.12", "versionStartExcluding": "1.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12"}, {"lang": "es", "value": "Eliminaci\u00f3n de referencia del puntero nulo al redactar a partir de un mensaje de borrador especialmente manipulado en Mutt versiones &gt;1.5.2 y &lt;2.2.12"}], "id": "CVE-2023-4875", "lastModified": "2024-11-21T08:36:10.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-09T15:15:35.500", "references": [{"source": "cve@gitlab.com", "tags": ["Patch"], "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch"}, {"source": "cve@gitlab.com", "tags": ["Patch"], "url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2023/09/26/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2023/dsa-5494"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-475"}], "source": "cve@gitlab.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3058", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mutt-5:2.0.7-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2290", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "mutt-5:2.2.6-2.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}], "bugzilla": {"description": "mutt: null pointer dereference", "id": "2238241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238241"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12", "A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-4875", "public_date": "2023-09-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-4875\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4875\nhttps://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch\nhttps://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch"], "statement": "This is a local client crash caused by a specially crafted email. No code execution is expected. This flaw has been rated as having moderate security impact.", "threat_severity": "Moderate"}

{}