Security Vulnerability Report
CVE-2026-43864 CVSS 2.5 LOW

CVE-2026-43864

Published: 2026-05-04 07:16:01
Last Modified: 2026-05-05 19:44:43

Description

mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.

CVSS Details

CVSS Score
2.5
Severity
LOW
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

Mutt < 2.3.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
/*
 * Conceptual Proof of Concept for CVE-2026-43864
 * This simulates the NULL pointer dereference in show_sig_summary.
 * Compile: gcc -o poc poc.c
 */
#include <stdio.h>
#include <stdlib.h>

// Simulated vulnerable function based on the description
void show_sig_summary(char *sig_data) {
    // Vulnerability: Missing NULL check on sig_data.
    // Reading sig_data[0] dereferences the pointer, so a NULL argument
    // causes a Segmentation Fault here. (Passing NULL to %s alone is
    // undefined behavior and glibc would just print "(null)".)
    printf("Signature Summary: [%c] %s\n", sig_data[0], sig_data);
}

int main(int argc, char *argv[]) {
    printf("[+] Triggering CVE-2026-43864 PoC...\n");

    // Scenario: Passing a NULL pointer to the function
    // This mimics the condition found in Mutt < 2.3.2
    char *malicious_input = NULL;

    printf("[+] Calling vulnerable function with NULL pointer...\n");
    show_sig_summary(malicious_input);

    printf("[-] Exploit failed (code should not reach here)\n");
    return 0;
}

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-43864", "sourceIdentifier": "[email protected]", "published": "2026-05-04T07:16:01.190", "lastModified": "2026-05-05T19:44:42.893", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "mutt before 2.3.2 has a show_sig_summary NULL pointer dereference."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "baseScore": 2.5, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.0, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-476"}]}], "references": [{"url": "https://github.com/muttmua/mutt/commit/ebfa2969042d89303d15334193fcc32866c8a8df", "source": "[email protected]"}]}}