CVE-2009-3766Improper Input Validation in Mutt

CWE-310CWE-20Improper Input ValidationCWE-297Improper Validation of Certificate with Host Mismatch12 documents6 sources
Severity
6.8MEDIUMNVD
NVD5.8
EPSS
0.4%
top 39.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MuttDebian Mutt
Timeline
PublishedOct 23
Latest updateMay 17

Description

mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

NVDmutt/mutt1.5.161.5.19
debiandebian/mutt< mutt 1.5.21-5 (bookworm)+1
Debianmutt/mutt< 1.5.21-5+3

Patches

Patch: dev.mutt.orgPatch: dev.mutt.org

🔴Vulnerability Details

3
GHSA
GHSA-h64v-56v4-2q6j: Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X2022-05-17
GHSA
GHSA-92jw-w2rc-xwxg: mutt_ssl2022-05-02
OSV
CVE-2011-1429: Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X2011-03-16

📋Vendor Advisories

4
Red Hat
mutt: SSL host name check may be skipped when verifying certificate chain2011-03-08
Debian
CVE-2011-1429: mutt - Mutt does not verify that the smtps server hostname matches the domain name of t...2011
Red Hat
mutt: missing host name vs. SSL certificate name checks2009-08-10
Debian
CVE-2009-3766: mutt - mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used...2009

💬Community

3
Bugzilla
CVE-2011-1429 mutt: SSL host name check may be skipped when verifying certificate chain2011-03-17
Bugzilla
CVE-2009-3766 mutt: missing host name vs. SSL certificate name checks2009-10-26
Bugzilla
CVE-2009-3765 mutt: Doesn't properly handle NULL character in subject Common Name2009-10-24