CVE-2021-32055

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32055
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32055.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32055
Downstream
Related
Published
2021-05-05T16:15:08Z
Modified
2025-10-14T18:24:12.561675Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imapqresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imapqresync setting for QRESYNC is not enabled by default.

References

Affected packages

Git / github.com/muttmua/mutt

Affected ranges

Type
GIT
Repo
https://github.com/muttmua/mutt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
481f38004226ed6a317c02d3f00163edcca84641
Type
GIT
Repo
https://github.com/neomutt/neomutt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
Type
GIT
Repo
https://gitlab.com/muttmua/mutt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7c4779ac24d2fb68a2a47b58c7904118f40965d5

Affected versions

Other

2019-10-25
20191102
20191111
20191129
20191207
20200313
20200320
20200417
20200424
20200501
20200619
20200626
20200807
20200814
20200821
20200925
20201120
20201127
20210205
mutt-0-92-10i
mutt-0-92-11i
mutt-0-92-9i
mutt-0-93-unstable
mutt-0-94-10i-rel
mutt-0-94-13-rel
mutt-0-94-14-rel
mutt-0-94-15-rel
mutt-0-94-16i-rel
mutt-0-94-17i-rel
mutt-0-94-18-rel
mutt-0-94-5i-rel
mutt-0-94-6i-rel
mutt-0-94-7i-rel
mutt-0-94-8i-rel
mutt-0-94-9i-p1
mutt-0-94-9i-rel
mutt-0-95-rel
mutt-0-96-1-rel
mutt-0-96-2-slightly-post-release
mutt-0-96-3-rel
mutt-0-96-4-rel
mutt-0-96-5-rel
mutt-0-96-6-rel
mutt-0-96-7-rel
mutt-0-96-8-rel
mutt-0-96-rel
mutt-1-1-1-1-rel
mutt-1-1-1-2-rel
mutt-1-1-1-rel
mutt-1-1-10-rel
mutt-1-1-11-rel
mutt-1-1-12-rel
mutt-1-1-13-rel
mutt-1-1-14-rel
mutt-1-1-2-rel
mutt-1-1-3-rel
mutt-1-1-4-rel
mutt-1-1-5-rel
mutt-1-1-6-rel
mutt-1-1-7-rel
mutt-1-1-8-rel
mutt-1-1-9-rel
mutt-1-1-rel
mutt-1-10-1-rel
mutt-1-10-rel
mutt-1-11-1-rel
mutt-1-11-2-rel
mutt-1-11-3-rel
mutt-1-11-4-rel
mutt-1-11-rel
mutt-1-12-1-rel
mutt-1-12-2-rel
mutt-1-12-rel
mutt-1-13-1-rel
mutt-1-13-2-rel
mutt-1-13-3-rel
mutt-1-13-4-rel
mutt-1-13-5-rel
mutt-1-13-rel
mutt-1-14-1-rel
mutt-1-14-2-rel
mutt-1-14-3-rel
mutt-1-14-4-rel
mutt-1-14-5-rel
mutt-1-14-6-rel
mutt-1-14-7-rel
mutt-1-14-rel
mutt-1-3-1-rel
mutt-1-3-10-rel
mutt-1-3-11-rel
mutt-1-3-12-rel
mutt-1-3-13-rel
mutt-1-3-14-rel
mutt-1-3-15-rel
mutt-1-3-16-rel
mutt-1-3-17-rel
mutt-1-3-18-rel
mutt-1-3-19-rel
mutt-1-3-2-rel
mutt-1-3-20-rel
mutt-1-3-21-rel
mutt-1-3-22-1-rel
mutt-1-3-22-rel
mutt-1-3-23-1-rel
mutt-1-3-23-2-rel
mutt-1-3-23-rel
mutt-1-3-24-rel
mutt-1-3-25-rel
mutt-1-3-26-rel
mutt-1-3-27-rel
mutt-1-3-3-rel
mutt-1-3-4-rel
mutt-1-3-5-rel
mutt-1-3-6-rel
mutt-1-3-7-rel
mutt-1-3-8-rel
mutt-1-3-9-rel
mutt-1-3-rel
mutt-1-5-1-rel
mutt-1-5-10-rel
mutt-1-5-11-rel
mutt-1-5-12-rel
mutt-1-5-13-rel
mutt-1-5-14-rel
mutt-1-5-15-rel
mutt-1-5-16-rel
mutt-1-5-17-rel
mutt-1-5-18-rel
mutt-1-5-19-rel
mutt-1-5-2-rel
mutt-1-5-20-rel
mutt-1-5-21-rel
mutt-1-5-22-rel
mutt-1-5-23-rel
mutt-1-5-24-rel
mutt-1-5-3-rel
mutt-1-5-4-rel
mutt-1-5-5-1-rel
mutt-1-5-5-rel
mutt-1-5-6-rel
mutt-1-5-7-rel
mutt-1-5-8-rel
mutt-1-5-9-rel
mutt-1-6-1-rel
mutt-1-6-2-rel
mutt-1-6-rel
mutt-1-7-1-rel
mutt-1-7-2-rel
mutt-1-7-rel
mutt-1-8-1-rel
mutt-1-8-2-rel
mutt-1-8-3-rel
mutt-1-8-rel
mutt-1-9-1-rel
mutt-1-9-2-rel
mutt-1-9-3-rel
mutt-1-9-4-rel
mutt-1-9-5-rel
mutt-1-9-rel
mutt-2-0-1-rel
mutt-2-0-2-rel
mutt-2-0-3-rel
mutt-2-0-4-rel
mutt-2-0-5-rel
mutt-2-0-6-rel
mutt-2-0-rel
neomutt-20160822
neomutt-20160827
neomutt-20160910
neomutt-20160916
neomutt-20161002
neomutt-20161003
neomutt-20161014
neomutt-20161028
neomutt-20161104
neomutt-20161126
neomutt-20170113
neomutt-20170128
neomutt-20170206
neomutt-20170225
neomutt-20170306
neomutt-20170414
neomutt-20170421
neomutt-20170428
neomutt-20170526
neomutt-20170602
neomutt-20170609
neomutt-20170707
neomutt-20170714
neomutt-20170907
neomutt-20170912
neomutt-20171006
neomutt-20171013
neomutt-20171027
neomutt-20171208
neomutt-20171215
neomutt-20180223
neomutt-20180323
neomutt-20180512
neomutt-20180622
neomutt-20180716
post-type-punning-patch
pre-type-punning-patch

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2021-32055-38e74542",
            "signature_type": "Function",
            "target": {
                "file": "imap/util.c",
                "function": "mutt_seqset_iterator_next"
            },
            "deprecated": false,
            "digest": {
                "length": 1160.0,
                "function_hash": "327849469346756229567200198582359587522"
            },
            "signature_version": "v1",
            "source": "https://gitlab.com/muttmua/mutt@7c4779ac24d2fb68a2a47b58c7904118f40965d5"
        },
        {
            "id": "CVE-2021-32055-4c81c57e",
            "signature_type": "Function",
            "target": {
                "file": "imap/util.c",
                "function": "mutt_seqset_iterator_next"
            },
            "deprecated": false,
            "digest": {
                "length": 1176.0,
                "function_hash": "73505962850917160909294275267743903490"
            },
            "signature_version": "v1",
            "source": "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc"
        },
        {
            "id": "CVE-2021-32055-59c3aeb0",
            "signature_type": "Line",
            "target": {
                "file": "imap/util.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "81506391262222617034244168332835946665",
                    "303874870477249185833272239663961402128",
                    "124862167970411843036617263141853992812",
                    "54204883516869899386840905439130192567",
                    "162382499552880942347648240619023610802",
                    "47232061119977301568273361132025475800",
                    "217296151842624639288029168000282614747",
                    "179098974141636469554563531294800321792",
                    "11635958538338115415730135300912308183",
                    "276370641790290704923598165468097169201"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://gitlab.com/muttmua/mutt@7c4779ac24d2fb68a2a47b58c7904118f40965d5"
        },
        {
            "id": "CVE-2021-32055-7a585a0c",
            "signature_type": "Line",
            "target": {
                "file": "imap/util.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "81506391262222617034244168332835946665",
                    "303874870477249185833272239663961402128",
                    "124862167970411843036617263141853992812",
                    "54204883516869899386840905439130192567",
                    "162382499552880942347648240619023610802",
                    "47232061119977301568273361132025475800",
                    "217296151842624639288029168000282614747",
                    "82365684738109167211888185977821194642",
                    "40067316522776741466634091969401308469",
                    "185512031935072161211568664626799666046"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc"
        }
    ]
}