aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.
References
Configurations
No configuration.
History
21 Nov 2024, 09:18
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://github.com/aio-libs/aiosmtpd/commit/b3a4a2c6ecfd228856a20d637dc383541fcdbfda - | |
References | () https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-wgjv-9j3q-jhg8 - | |
References | () https://nostarttls.secvuln.info - |
18 May 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-18 19:15
Updated : 2024-11-21 09:18
NVD link : CVE-2024-34083
Mitre link : CVE-2024-34083
CVE.ORG link : CVE-2024-34083
JSON object : View
Products Affected
No product.
CWE
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data