New mutt packages that fix an overflow in mutt's address parsing code are available. It is recommended that all mutt users update to the fixed packages.
An overflow exists in mutt's RFC822 address parser. A remote attacker could send a carefully crafted email message which, when read by mutt, would be able to overwrite arbitrary bytes in memory. The updated mutt-1.2.5.1 release fixes the problem. Thanks go to Joost Pol for discovering the bug and to the Mutt team for the fixed release. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0001 to this issue.