CVE-2009-3765

Name of the Vulnerable Software and Affected Versions mutt versions 1.5.19 through 1.5.20

Description The issue arises from improper handling of a '0' character in a domain name within the subject's Common Name (CN) field of an X.509 certificate when OpenSSL is used. This allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Recommendations For mutt versions 1.5.19 and 1.5.20, consider updating to a version that properly handles '0' characters in domain names to prevent SSL server spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.