CVE-2026-43859
Buffer Overflow in Mutt Email Client
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mutt | mutt | to 2.3.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-158 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Mutt versions before 2.3.2 in the IMAP CRAM-MD5 authentication mechanism. The issue was that the code used strfcpy() to copy the raw binary MD5 digest of a secret during authentication. Because strfcpy() can truncate the value if it contains a null byte or due to an off-by-one error in the size parameter, the full MD5 digest was not always copied correctly.
The fix replaced strfcpy() with memcpy() to ensure the entire MD5 digest is copied properly, preventing truncation and ensuring correct handling of secrets longer than the MD5 block length.
How can this vulnerability impact me? :
The vulnerability could lead to incorrect handling of the MD5 digest during IMAP CRAM-MD5 authentication, potentially causing authentication failures or weakening the authentication process.
However, this issue is of low severity (CVSS 3.7) and likely has limited impact because CRAM-MD5 is rarely used and most passwords are shorter than 64 bytes, reducing the chance of triggering the truncation problem.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects Mutt versions before 2.3.2 when using the IMAP CRAM-MD5 authentication mechanism. Detection involves identifying if your system is running a vulnerable version of Mutt and if CRAM-MD5 authentication is in use.
- Check the installed Mutt version with the command: mutt -v
- Inspect your email client configuration files (e.g., ~/.muttrc) for usage of IMAP with CRAM-MD5 authentication.
- Monitor network traffic for IMAP authentication attempts using CRAM-MD5 by capturing packets with tools like tcpdump or Wireshark and filtering for IMAP AUTH commands.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Mutt to version 2.3.2 or later, where the issue with incorrect copying of the MD5 digest during IMAP CRAM-MD5 authentication has been fixed.
If upgrading immediately is not possible, consider disabling CRAM-MD5 authentication in your Mutt configuration to avoid triggering the vulnerable code path.
Additionally, monitor authentication logs for unusual activity and ensure that strong passwords are used, as the vulnerability mainly affects handling of longer secrets.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.