Vulnerability Report

CVE-2006-3242

RCE

Title: Mutt RCE

RCE

Proof Of Concept

No public PoC currently indexed for CVE-2006-3242.

CWE Category NVD-CWE-noinfo

Published Date Jun 27, 2006

Modified Date Apr 03, 2025

Exploit Status Not Found

Score 7.5 CVSS v2.0

Exploit Probability (EPSS)

7.54%

Vulnerability Summary

CVE-2006-3242: Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.

Impacted Vendors

mutt 1

Reference Links

ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git%3Ba=commit%3Bh=dc0272b749f0e2b102973b7ac43dbd3908507540 http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/imap/browse.c?r1=1.34.2.2&r2=1.34.2.3 http://secunia.com/advisories/20810 http://secunia.com/advisories/20836 http://secunia.com/advisories/20854 http://secunia.com/advisories/20879 http://secunia.com/advisories/20887 http://secunia.com/advisories/20895 http://secunia.com/advisories/20960 http://secunia.com/advisories/21039 http://secunia.com/advisories/21124 http://secunia.com/advisories/21135 http://secunia.com/advisories/21220 http://securitytracker.com/id?1016482 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472221 http://www.debian.org/security/2006/dsa-1108 http://www.gentoo.org/security/en/glsa/glsa-200606-27.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:115 http://www.novell.com/linux/security/advisories/2006_16_sr.html http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.013-mutt.html http://www.redhat.com/support/errata/RHSA-2006-0577.html http://www.securityfocus.com/archive/1/438712/100/0/threaded http://www.securityfocus.com/bid/18642 http://www.trustix.org/errata/2006/0038 http://www.vupen.com/english/advisories/2006/2522 https://exchange.xforce.ibmcloud.com/vulnerabilities/27428 https://issues.rpath.com/browse/RPL-471 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10826 https://usn.ubuntu.com/307-1/ ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git%3Ba=commit%3Bh=dc0272b749f0e2b102973b7ac43dbd3908507540 http://dev.mutt.org/cgi-bin/viewcvs.cgi/mutt/imap/browse.c?r1=1.34.2.2&r2=1.34.2.3 http://secunia.com/advisories/20810 http://secunia.com/advisories/20836 http://secunia.com/advisories/20854 http://secunia.com/advisories/20879 http://secunia.com/advisories/20887 http://secunia.com/advisories/20895 http://secunia.com/advisories/20960 http://secunia.com/advisories/21039 http://secunia.com/advisories/21124 http://secunia.com/advisories/21135 http://secunia.com/advisories/21220 http://securitytracker.com/id?1016482 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472221 http://www.debian.org/security/2006/dsa-1108 http://www.gentoo.org/security/en/glsa/glsa-200606-27.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:115 http://www.novell.com/linux/security/advisories/2006_16_sr.html http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.013-mutt.html http://www.redhat.com/support/errata/RHSA-2006-0577.html http://www.securityfocus.com/archive/1/438712/100/0/threaded http://www.securityfocus.com/bid/18642 http://www.trustix.org/errata/2006/0038 http://www.vupen.com/english/advisories/2006/2522 https://exchange.xforce.ibmcloud.com/vulnerabilities/27428 https://issues.rpath.com/browse/RPL-471 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10826 https://usn.ubuntu.com/307-1/

CVSS v2.0

Source Entity [email protected]

Severity HIGH

7.5

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2006-3242 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 03, 2025 MODIFIED

Vulnerability data or affected products updated.

June 27, 2006 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.