Executive Summary

Name : CVE-2009-3765
First vendor Publication : 2009-10-23
Vendor : Cve
Last vendor Modification : 2009-10-29

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required


mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3765

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

CPE : Common Platform Enumeration

Application 2

Open Source Vulnerability Database (OSVDB)

Id Description
59270 Mutt mutt_ssl.c Certificate Authority (CA) Common Name Null Byte Handling SSL...

Sources (Detail)

Source Url
CONFIRM http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c
MLIST http://marc.info/?l=oss-security&m=125198917018936&w=2
SUSE http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

Alert History

Date Information
2020-05-23 00:24:30
  • Multiple Updates
2016-06-29 00:07:49
  • Multiple Updates
2013-05-10 23:59:54
  • Multiple Updates