Unrated severityNVD Advisory· Published Oct 23, 2009· Updated Jun 16, 2026
CVE-2009-3766
CVE-2009-3766
Description
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- dev.mutt.org/trac/ticket/3087nvdPatchVendor Advisory
- marc.infonvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2009/10/26/1nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.