vulnerability

Oracle Linux: CVE-2020-28896: ELSA-2021-4181: mutt security, bug fix, and enhancement update (MODERATE)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:N/AC:H/Au:N/C:P/I:N/A:N)	Nov 20, 2020	Jul 22, 2024	Dec 3, 2025

Severity

CVSS

(AV:N/AC:H/Au:N/C:P/I:N/A:N)

Published

Nov 20, 2020

Added

Jul 22, 2024

Modified

Dec 3, 2025

Description

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.

Solution

oracle-linux-upgrade-mutt

References

CVE-2020-28896
https://attackerkb.com/topics/CVE-2020-28896
ELSA-ELSA-2021-4181
CWE-287
CWE-755

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report