Home > Vulnerability Database > CVE-2024-27305

Mend.io Vulnerability Database

CVE-2024-27305

Good to know:

Date: March 12, 2024

aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue is also existed in other SMTP software like Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Python

Severity Score

5.3

Related Resources (5)

Url: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65

Url: https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-27305

Url: https://www.postfix.org/smtp-smuggling.html

Url: https://www.mend.io/vulnerability-database/CVE-2024-27305

Severity Score

5.3

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Top Fix

Upgrade Version

Upgrade to version aiosmtpd - 1.4.5

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-27305

Good to know:

Date: March 12, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?