CVE-2009-3766

Name of the Vulnerable Software and Affected Versions mutt versions 1.5.16 through 1.5.18

Description The issue arises from a failure to verify the domain name in the subject's Common Name (CN) field of an X.509 certificate when OpenSSL is used. This allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Recommendations For mutt versions 1.5.16 through 1.5.18, update to version 1.5.19 or later to resolve the issue.