CVE-2014-2576

EPSS 0.67%

發布日:2014/10/15修改日:2026/4/28

也稱為:DEBIAN-CVE-2014-2576

描述

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

受影響套件(1)

Debian/claws-mailfrom 0, < 3.10.1-1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-2576