{"id":"CVE-2020-14093","details":"Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.","modified":"2026-04-10T04:22:30.837727Z","published":"2020-06-15T05:15:11.300Z","related":["MGASA-2020-0357","SUSE-SU-2020:14414-1","SUSE-SU-2020:1771-1","SUSE-SU-2020:1794-1","openSUSE-SU-2020:0903-1","openSUSE-SU-2020:0915-1","openSUSE-SU-2020:2127-1","openSUSE-SU-2020:2157-1","openSUSE-SU-2020:2158-1","openSUSE-SU-2024:11069-1","openSUSE-SU-2024:11079-1"],"references":[{"type":"ADVISORY","url":"https://bugs.gentoo.org/728300"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4401-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4708"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html"},{"type":"ADVISORY","url":"http://www.mutt.org"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-57"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4707"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html"},{"type":"FIX","url":"https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/muttmua/mutt","events":[{"introduced":"0"},{"fixed":"34e3a1a3527cf561909b3369cc3cdd9d82b0bc2d"},{"fixed":"3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.14.3"}]}}],"versions":["mutt-0-92-10i","mutt-0-92-11i","mutt-0-92-9i","mutt-0-93-unstable","mutt-0-94-10i-rel","mutt-0-94-13-rel","mutt-0-94-14-rel","mutt-0-94-15-rel","mutt-0-94-16i-rel","mutt-0-94-17i-rel","mutt-0-94-18-rel","mutt-0-94-5i-rel","mutt-0-94-6i-rel","mutt-0-94-7i-rel","mutt-0-94-8i-rel","mutt-0-94-9i-p1","mutt-0-94-9i-rel","mutt-0-95-rel","mutt-0-96-1-rel","mutt-0-96-2-slightly-post-release","mutt-0-96-3-rel","mutt-0-96-4-rel","mutt-0-96-5-rel","mutt-0-96-6-rel","mutt-0-96-7-rel","mutt-0-96-8-rel","mutt-0-96-rel","mutt-1-1-1-1-rel","mutt-1-1-1-2-rel","mutt-1-1-1-rel","mutt-1-1-10-rel","mutt-1-1-11-rel","mutt-1-1-12-rel","mutt-1-1-13-rel","mutt-1-1-14-rel","mutt-1-1-2-rel","mutt-1-1-3-rel","mutt-1-1-4-rel","mutt-1-1-5-rel","mutt-1-1-6-rel","mutt-1-1-7-rel","mutt-1-1-8-rel","mutt-1-1-9-rel","mutt-1-1-rel","mutt-1-10-rel","mutt-1-11-rel","mutt-1-12-rel","mutt-1-13-rel","mutt-1-14-1-rel","mutt-1-14-2-rel","mutt-1-14-rel","mutt-1-3-1-rel","mutt-1-3-10-rel","mutt-1-3-11-rel","mutt-1-3-12-rel","mutt-1-3-13-rel","mutt-1-3-14-rel","mutt-1-3-15-rel","mutt-1-3-16-rel","mutt-1-3-17-rel","mutt-1-3-18-rel","mutt-1-3-19-rel","mutt-1-3-2-rel","mutt-1-3-20-rel","mutt-1-3-21-rel","mutt-1-3-22-1-rel","mutt-1-3-22-rel","mutt-1-3-23-1-rel","mutt-1-3-23-2-rel","mutt-1-3-23-rel","mutt-1-3-24-rel","mutt-1-3-25-rel","mutt-1-3-26-rel","mutt-1-3-27-rel","mutt-1-3-3-rel","mutt-1-3-4-rel","mutt-1-3-5-rel","mutt-1-3-6-rel","mutt-1-3-7-rel","mutt-1-3-8-rel","mutt-1-3-9-rel","mutt-1-3-rel","mutt-1-5-1-rel","mutt-1-5-15-rel","mutt-1-5-16-rel","mutt-1-5-17-rel","mutt-1-5-18-rel","mutt-1-5-19-rel","mutt-1-5-2-rel","mutt-1-5-20-rel","mutt-1-5-21-rel","mutt-1-5-22-rel","mutt-1-5-24-rel","mutt-1-5-3-rel","mutt-1-5-4-rel","mutt-1-5-5-1-rel","mutt-1-5-5-rel","mutt-1-5-6-rel","mutt-1-6-rel","mutt-1-7-rel","mutt-1-8-rel","mutt-1-9-rel","post-type-punning-patch","pre-type-punning-patch"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14093.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"15.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}