VYPR
Unrated severity · NVD Advisory · Published Oct 23, 2009 · Updated Apr 23, 2026

CVE-2009-3766

Description

mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected products

1
  • cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*
    Range: >=1.5.16,<1.5.19
