In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
                
            Metrics
Affected Vendors & Products
References
        History
                    Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss 
 | epss 
 | 
Thu, 14 Nov 2024 14:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Mutt Mutt mutt Neomutt Neomutt neomutt | |
| CPEs | cpe:2.3:a:mutt:mutt:-:*:*:*:*:*:*:* cpe:2.3:a:neomutt:neomutt:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* | |
| Vendors & Products | Mutt Mutt mutt Neomutt Neomutt neomutt | 
Tue, 12 Nov 2024 15:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Tue, 12 Nov 2024 02:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Title | mutt: neomutt: In-Reply-To email header field it not protected by cryptograpic signing | Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing | 
| First Time appeared | Redhat Redhat enterprise Linux | |
| CPEs | cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 | |
| Vendors & Products | Redhat Redhat enterprise Linux | |
| References |  | 
Tue, 12 Nov 2024 01:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. | |
| Title | mutt: neomutt: In-Reply-To email header field it not protected by cryptograpic signing | |
| Weaknesses | CWE-347 | |
| References |  | |
| Metrics | threat_severity 
 | cvssV3_1 
 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: redhat
Published: 2024-11-12T02:07:19.551Z
Updated: 2025-09-02T20:34:36.911Z
Reserved: 2024-10-14T17:56:03.767Z
Link: CVE-2024-49394
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-11-12T14:25:10.403Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2024-11-12T03:15:03.677
Modified: 2024-11-14T13:38:04.143
Link: CVE-2024-49394
 Redhat
                        Redhat