aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-05-18T18:12:19.442Z

Updated: 2024-08-02T02:42:59.884Z

Reserved: 2024-04-30T06:56:33.384Z

Link: CVE-2024-34083

cve-icon Vulnrichment

Updated: 2024-08-02T02:42:59.884Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-18T19:15:49.190

Modified: 2024-11-21T09:18:03.363

Link: CVE-2024-34083

cve-icon Redhat

No data.