aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-05-18T18:12:19.442Z
Updated: 2024-06-04T17:42:19.001Z
Reserved: 2024-04-30T06:56:33.384Z
Link: CVE-2024-34083
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-05-18T19:15:49.190
Modified: 2024-05-20T13:00:34.807
Link: CVE-2024-34083
JSON object: View
Redhat Information
No data.
CWE