CVE-2014-2576
EPSS 0.67%Published: 10/15/2014Modified: 4/28/2026
Description
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
Affected packages (1)
- Debian/claws-mailfrom 0, < 3.10.1-1