VDB

DEBIAN-CVE-2011-1429

DEBIAN-CVE-2011-1429 PUBLISHED

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.

Affected Products

VendorProductVersions
Debian:11mutt0, 0, 0
Debian:12mutt0, 0, 0
Debian:13mutt0, 0, 0
Debian:14mutt0, 0, 0

Timeline

  • Mar 16, 2011 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›