Description

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.

INFO

Published Date :

2024-05-18T18:12:19.442Z

Last Modified :

2024-08-02T02:42:59.884Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-34083 vulnerability.

Vendors Products
Aio-libs
  • Aiosmtpd
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-34083.

URL Resource
https://github.com/aio-libs/aiosmtpd/commit/b3a4a2c6ecfd228856a20d637dc383541fcdbfda cve-icon cve-icon cve-icon
https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-wgjv-9j3q-jhg8 cve-icon cve-icon cve-icon
https://nostarttls.secvuln.info cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact