← Back to CVEs
CVE-2024-49394
MEDIUM5.3
Description
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
CVE Details
CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published11/12/2024
Last Modified11/14/2024
Sourcenvd
Honeypot Sightings0
Affected Products
mutt:muttneomutt:neomuttredhat:enterprise_linux
Weaknesses (CWE)
CWE-347
References
https://access.redhat.com/security/cve/CVE-2024-49394(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2325330(secalert@redhat.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.