aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-05-18T18:12:19.442Z
Updated: 2024-08-02T02:42:59.884Z
Reserved: 2024-04-30T06:56:33.384Z
Link: CVE-2024-34083
Vulnrichment
Updated: 2024-08-02T02:42:59.884Z
NVD
Status : Awaiting Analysis
Published: 2024-05-18T19:15:49.190
Modified: 2024-11-21T09:18:03.363
Link: CVE-2024-34083
Redhat
No data.