What is CVE-2021-32055?

CVE-2021-32055 is a vulnerability in Mutt and NeoMutt which allows for an out-of-bounds read due to a $imap_qresync issue.

How severe is CVE-2021-32055?

CVE-2021-32055 has a severity value of 9.1, which is considered critical.

Which software versions are affected by CVE-2021-32055?

Mutt versions 1.11.0 through 2.0.x (before 2.0.7) and NeoMutt versions 2019-10-25 through 2021-05-04 are affected by CVE-2021-32055.

How can I fix CVE-2021-32055?

To fix CVE-2021-32055, upgrade to Mutt version 2.0.7 or later, or upgrade to a later version of NeoMutt after 2021-05-04.

Where can I find more information about CVE-2021-32055?

For more information about CVE-2021-32055, you can refer to the following references: [Link 1](http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html), [Link 2](https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc), [Link 3](https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5).

Vulnerability/
CVE-2021-32055

critical

9.1

CWE

125

5/5/2021

3/8/2024

CVE-2021-32055

First published: Wed May 05 2021(Updated: )

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mutt Mutt	>=1.11.0<2.0.7
Neomutt Neomutt	>=20191025<=20210504

Remedy

https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc

Remedy

https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-32055?
CVE-2021-32055 is a vulnerability in Mutt and NeoMutt which allows for an out-of-bounds read due to a $imap_qresync issue.
How severe is CVE-2021-32055?
CVE-2021-32055 has a severity value of 9.1, which is considered critical.
Which software versions are affected by CVE-2021-32055?
Mutt versions 1.11.0 through 2.0.x (before 2.0.7) and NeoMutt versions 2019-10-25 through 2021-05-04 are affected by CVE-2021-32055.
How can I fix CVE-2021-32055?
To fix CVE-2021-32055, upgrade to Mutt version 2.0.7 or later, or upgrade to a later version of NeoMutt after 2021-05-04.
Where can I find more information about CVE-2021-32055?
For more information about CVE-2021-32055, you can refer to the following references: [Link 1](http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20210503/000036.html), [Link 2](https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc), [Link 3](https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5).

collector/nvd-index
agent/weakness
agent/references
agent/author
agent/severity
agent/description
agent/type
agent/event
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/mutt
canonical/mutt mutt
version/mutt mutt/1.11.0
vendor/neomutt
canonical/neomutt neomutt
version/neomutt neomutt/20191025
version/neomutt neomutt/20210504

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.