6.4

CVE-2009-3942

Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Martin LambersMsmtp Version <= 1.4.18
   Martin LambersMsmtp Version <= 1.4.18
   Martin LambersMsmtp Version <= 1.4.18
Martin LambersMsmtp Version0.2.5
   Martin LambersMsmtp Version0.2.5
   Martin LambersMsmtp Version0.2.5
Martin LambersMsmtp Version0.2.6
   Martin LambersMsmtp Version0.2.6
   Martin LambersMsmtp Version0.2.6
Martin LambersMsmtp Version0.3.0
   Martin LambersMsmtp Version0.3.0
   Martin LambersMsmtp Version0.3.0
Martin LambersMsmtp Version0.3.1
   Martin LambersMsmtp Version0.3.1
   Martin LambersMsmtp Version0.3.1
Martin LambersMsmtp Version0.4.0
   Martin LambersMsmtp Version0.4.0
   Martin LambersMsmtp Version0.4.0
Martin LambersMsmtp Version0.4.1
   Martin LambersMsmtp Version0.4.1
   Martin LambersMsmtp Version0.4.1
Martin LambersMsmtp Version0.4.2
   Martin LambersMsmtp Version0.4.2
   Martin LambersMsmtp Version0.4.2
Martin LambersMsmtp Version0.5.0
   Martin LambersMsmtp Version0.5.0
   Martin LambersMsmtp Version0.5.0
Martin LambersMsmtp Version0.5.1
   Martin LambersMsmtp Version0.5.1
   Martin LambersMsmtp Version0.5.1
Martin LambersMsmtp Version0.5.2
   Martin LambersMsmtp Version0.5.2
   Martin LambersMsmtp Version0.5.2
Martin LambersMsmtp Version0.5.3
   Martin LambersMsmtp Version0.5.3
   Martin LambersMsmtp Version0.5.3
Martin LambersMsmtp Version0.6.0
   Martin LambersMsmtp Version0.6.0
   Martin LambersMsmtp Version0.6.0
Martin LambersMsmtp Version0.6.1
   Martin LambersMsmtp Version0.6.1
   Martin LambersMsmtp Version0.6.1
Martin LambersMsmtp Version0.6.2
   Martin LambersMsmtp Version0.6.2
   Martin LambersMsmtp Version0.6.2
Martin LambersMsmtp Version0.6.3
   Martin LambersMsmtp Version0.6.3
   Martin LambersMsmtp Version0.6.3
Martin LambersMsmtp Version0.6.4
   Martin LambersMsmtp Version0.6.4
   Martin LambersMsmtp Version0.6.4
Martin LambersMsmtp Version0.6.5
   Martin LambersMsmtp Version0.6.5
   Martin LambersMsmtp Version0.6.5
Martin LambersMsmtp Version0.6.6
   Martin LambersMsmtp Version0.6.6
   Martin LambersMsmtp Version0.6.6
Martin LambersMsmtp Version0.7.0
   Martin LambersMsmtp Version0.7.0
   Martin LambersMsmtp Version0.7.0
Martin LambersMsmtp Version0.7.1
   Martin LambersMsmtp Version0.7.1
   Martin LambersMsmtp Version0.7.1
Martin LambersMsmtp Version0.7.2
   Martin LambersMsmtp Version0.7.2
   Martin LambersMsmtp Version0.7.2
Martin LambersMsmtp Version1.0.0
   Martin LambersMsmtp Version1.0.0
   Martin LambersMsmtp Version1.0.0
Martin LambersMsmtp Version1.2.1
   Martin LambersMsmtp Version1.2.1
   Martin LambersMsmtp Version1.2.1
Martin LambersMsmtp Version1.2.2
   Martin LambersMsmtp Version1.2.2
   Martin LambersMsmtp Version1.2.2
Martin LambersMsmtp Version1.2.3
   Martin LambersMsmtp Version1.2.3
   Martin LambersMsmtp Version1.2.3
Martin LambersMsmtp Version1.2.4
   Martin LambersMsmtp Version1.2.4
   Martin LambersMsmtp Version1.2.4
Martin LambersMsmtp Version1.4.0
   Martin LambersMsmtp Version1.4.0
   Martin LambersMsmtp Version1.4.0
Martin LambersMsmtp Version1.4.1
   Martin LambersMsmtp Version1.4.1
   Martin LambersMsmtp Version1.4.1
Martin LambersMsmtp Version1.4.2
   Martin LambersMsmtp Version1.4.2
   Martin LambersMsmtp Version1.4.2
Martin LambersMsmtp Version1.4.3
   Martin LambersMsmtp Version1.4.3
   Martin LambersMsmtp Version1.4.3
Martin LambersMsmtp Version1.4.4
   Martin LambersMsmtp Version1.4.4
   Martin LambersMsmtp Version1.4.4
Martin LambersMsmtp Version1.4.5
   Martin LambersMsmtp Version1.4.5
   Martin LambersMsmtp Version1.4.5
Martin LambersMsmtp Version1.4.6
   Martin LambersMsmtp Version1.4.6
   Martin LambersMsmtp Version1.4.6
Martin LambersMsmtp Version1.4.7
   Martin LambersMsmtp Version1.4.7
   Martin LambersMsmtp Version1.4.7
Martin LambersMsmtp Version1.4.8
   Martin LambersMsmtp Version1.4.8
   Martin LambersMsmtp Version1.4.8
Martin LambersMsmtp Version1.4.9
   Martin LambersMsmtp Version1.4.9
   Martin LambersMsmtp Version1.4.9
Martin LambersMsmtp Version1.4.10
   Martin LambersMsmtp Version1.4.10
   Martin LambersMsmtp Version1.4.10
Martin LambersMsmtp Version1.4.12
   Martin LambersMsmtp Version1.4.12
   Martin LambersMsmtp Version1.4.12
Martin LambersMsmtp Version1.4.13
   Martin LambersMsmtp Version1.4.13
   Martin LambersMsmtp Version1.4.13
Martin LambersMsmtp Version1.4.14
   Martin LambersMsmtp Version1.4.14
   Martin LambersMsmtp Version1.4.14
Martin LambersMsmtp Version1.4.15
   Martin LambersMsmtp Version1.4.15
   Martin LambersMsmtp Version1.4.15
Martin LambersMsmtp Version1.4.16
   Martin LambersMsmtp Version1.4.16
   Martin LambersMsmtp Version1.4.16
Martin LambersMsmtp Version1.4.17
   Martin LambersMsmtp Version1.4.17
   Martin LambersMsmtp Version1.4.17
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.377
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.