Martin Lambers msmtp prior to 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
martin lambers msmtp 0.6.5 |
||
martin lambers msmtp 0.6.4 |
||
martin lambers msmtp 0.5.0 |
||
martin lambers msmtp 0.6.3 |
||
martin lambers msmtp 0.6.2 |
||
martin lambers msmtp 0.4.1 |
||
martin lambers msmtp 0.4.0 |
||
martin lambers msmtp 1.4.15 |
||
martin lambers msmtp 1.4.14 |
||
martin lambers msmtp 1.4.6 |
||
martin lambers msmtp 1.4.5 |
||
martin lambers msmtp 1.2.2 |
||
martin lambers msmtp 1.0.0 |
||
martin lambers msmtp 0.4.2 |
||
martin lambers msmtp 1.4.17 |
||
martin lambers msmtp 1.4.16 |
||
martin lambers msmtp 1.4.7 |
||
martin lambers msmtp 1.4.8 |
||
martin lambers msmtp 1.2.4 |
||
martin lambers msmtp 1.2.3 |
||
martin lambers msmtp |
||
martin lambers msmtp 0.7.0 |
||
martin lambers msmtp 0.6.6 |
||
martin lambers msmtp 0.5.3 |
||
martin lambers msmtp 0.5.2 |
||
martin lambers msmtp 0.5.1 |
||
martin lambers msmtp 0.2.6 |
||
martin lambers msmtp 0.2.5 |
||
martin lambers msmtp 1.4.10 |
||
martin lambers msmtp 1.4.9 |
||
martin lambers msmtp 1.4.1 |
||
martin lambers msmtp 1.4.0 |
||
martin lambers msmtp 0.7.2 |
||
martin lambers msmtp 0.6.1 |
||
martin lambers msmtp 0.6.0 |
||
martin lambers msmtp 0.3.1 |
||
martin lambers msmtp 0.3.0 |
||
martin lambers msmtp 1.4.13 |
||
martin lambers msmtp 1.4.12 |
||
martin lambers msmtp 1.4.4 |
||
martin lambers msmtp 1.4.3 |
||
martin lambers msmtp 1.4.2 |
||
martin lambers msmtp 1.2.1 |
||
martin lambers msmtp 0.7.1 |
Vulmon