Unrated severityNVD Advisory· Published Mar 16, 2011· Updated Apr 29, 2026

CVE-2011-1429

Description

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.

Affected products

Mutt/Mutt
cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2011/Mar/87nvdPatch
lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.htmlnvd
secunia.com/advisories/44937nvd
securityreason.com/securityalert/8143nvd
www.redhat.com/support/errata/RHSA-2011-0959.htmlnvd
www.securityfocus.com/bid/46803nvd
exchange.xforce.ibmcloud.com/vulnerabilities/66015nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000