Total vulnerabilities in the database
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
| Software | From | Fixed in |
|---|---|---|
| mutt / mutt | - | 1.14.4 |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| neomutt / neomutt | - | 20200619 |
| fedoraproject / fedora | 31 | 31.x |
| fedoraproject / fedora | 32 | 32.x |
| debian / debian_linux | 8.0 | 8.0.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 19.10 | 19.10.x |
| canonical / ubuntu_linux | 20.04 | 20.04.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| opensuse / leap | 15.1 | 15.1.x |
| opensuse / leap | 15.2 | 15.2.x |