Detections
Analytics
Debian DSA-4838-1 : mutt - security update
medium Nessus Plugin ID 145480
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Tavis Ormandy discovered a memory leak flaw in the rfc822 group recipient parsing in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which could result in denial of service.Solution
Upgrade the mutt packages.For the stable distribution (buster), this problem has been fixed in version 1.10.1-2.1+deb10u5.
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980326
https://security-tracker.debian.org/tracker/source-package/mutt
Plugin Details
Severity: Medium
ID: 145480
File Name: debian_DSA-4838.nasl
Version: 1.2
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 1/27/2021
Updated: 1/29/2021
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2021-3181
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:mutt, cpe:/o:debian:debian_linux:10.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 1/25/2021
Vulnerability Publication Date: 1/19/2021
Reference Information
CVE: CVE-2021-3181
DSA: 4838