Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-21T16:55:41

Updated: 2024-08-04T13:00:52.083Z

Reserved: 2020-06-21T00:00:00

Link: CVE-2020-14954

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-06-21T17:15:09.603

Modified: 2024-11-21T05:04:30.410

Link: CVE-2020-14954

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-06-16T00:00:00Z

Links: CVE-2020-14954 - Bugzilla