What is CVE-2021-32055?

CVE-2021-32055 is a vulnerability in Mutt and NeoMutt which allows for an out-of-bounds read due to a $imap_qresync issue.

How severe is CVE-2021-32055?

CVE-2021-32055 has a severity value of 9.1, which is considered critical.

Which software versions are affected by CVE-2021-32055?

Mutt versions 1.11.0 through 2.0.x (before 2.0.7) and NeoMutt versions 2019-10-25 through 2021-05-04 are affected by CVE-2021-32055.

How can I fix CVE-2021-32055?

To fix CVE-2021-32055, upgrade to Mutt version 2.0.7 or later, or upgrade to a later version of NeoMutt after 2021-05-04.

Where can I find more information about CVE-2021-32055?

For more information about CVE-2021-32055, you can refer to the following references: [Link 1](http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html), [Link 2](https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc), [Link 3](https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5).

Vulnerability/
CVE-2021-32055

critical

9.1

CWE

125

5/5/2021

21/11/2024

CVE-2021-32055

First published: Wed May 05 2021(Updated: )

Last updated 16 January 2025

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/mutt		2.0.5-4.1+deb11u3 2.2.12-0.1~deb12u1 2.2.9-1+deb12u1 2.2.13-1
debian/neomutt		20201127+dfsg.1-1.2 20220429+dfsg1-4.1 20250113+dfsg-1
Mutt	>=1.11.0<2.0.7
Mutt	>=20191025<=20210504

Remedy

https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc

Remedy

https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-32055?
CVE-2021-32055 is a vulnerability in Mutt and NeoMutt which allows for an out-of-bounds read due to a $imap_qresync issue.
How severe is CVE-2021-32055?
CVE-2021-32055 has a severity value of 9.1, which is considered critical.
Which software versions are affected by CVE-2021-32055?
Mutt versions 1.11.0 through 2.0.x (before 2.0.7) and NeoMutt versions 2019-10-25 through 2021-05-04 are affected by CVE-2021-32055.
How can I fix CVE-2021-32055?
To fix CVE-2021-32055, upgrade to Mutt version 2.0.7 or later, or upgrade to a later version of NeoMutt after 2021-05-04.
Where can I find more information about CVE-2021-32055?
For more information about CVE-2021-32055, you can refer to the following references: [Link 1](http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html), [Link 2](https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc), [Link 3](https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5).

agent/type
agent/remedy
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/first-publish-date
agent/references
collector/launchpad-cve
source/Launchpad
collector/usn-cve
source/Ubuntu
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/last-modified-date
agent/author
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
package-manager/debian
vendor/mutt
canonical/mutt
version/mutt/1.11.0
vendor/neomutt
version/mutt/20191025
version/mutt/20210504

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.