CVE-2009-3942

Name of the Vulnerable Software and Affected Versions msmtp versions prior to 1.4.19

Description The issue arises from improper handling of a '0' character in a domain name within the subject's Common Name or Subject Alternative Name field of an X.509 certificate when OpenSSL is used. This allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Recommendations For versions prior to 1.4.19, update to version 1.4.19 or later to resolve the issue.