Home > Vulnerability Database > CVE-2024-34083

Mend.io Vulnerability Database

CVE-2024-34083

Good to know:

Date: May 18, 2024

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.

Language: Python

Severity Score

5.4

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34083

Url: https://github.com/aio-libs/aiosmtpd

Url: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-wgjv-9j3q-jhg8

Url: https://nostarttls.secvuln.info

Url: https://github.com/aio-libs/aiosmtpd/commit/b3a4a2c6ecfd228856a20d637dc383541fcdbfda

Url: https://security-tracker.debian.org/tracker/CVE-2024-34083

Url: https://www.mend.io/vulnerability-database/CVE-2024-34083

Severity Score

5.4

Weakness Type (CWE)

Acceptance of Extraneous Untrusted Data With Trusted Data

CWE-349

Top Fix

Upgrade Version

Upgrade to version aiosmtpd - 1.4.6

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34083

Good to know:

Date: May 18, 2024

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?