CVE-2014-2576
claws-mail < 3.10.0 - SSL Hostname Verification Bypass in RSSyl Plugin
Title source: llmDescription
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60422
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html
Vendor Advisory x_refsource_confirm
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q1/636
Product mailing-list
x_refsource_mlist
http://sourceforge.net/p/claws-mail/news/2014/05/claws-mail-3100-unleashed/
Scores
EPSS
0.0200
EPSS Percentile
78.5%
Details
CWE
CWE-310
Status
published
Products (3)
claws-mail/claws-mail
< 3.9.3
opensuse/opensuse
12.3
opensuse/opensuse
13.1
Published
Oct 15, 2014
Tracked Since
Feb 18, 2026