Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-34083
HistoryMay 18, 2024 - 7:15 p.m.

CVE-2024-34083

2024-05-1819:15:49
CWE-349
[email protected]
web.nvd.nist.gov
1
aiosmtpd
reimplementation
vulnerability
starttls
encryption
man-in-the-middle
patch

CVSS3

5.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0

Percentile

15.5%

JSON

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.

Related

debiancve 1
osv 3
ubuntucve 1
cve 1
vulnrichment 1
veracode 1
github 1
cvelist 1
nessus 1
openvas 1
debiancve
debiancve
CVE-2024-34083
2024-05-18 19:15:49
osv
osv
aiosmtpd STARTTLS unencrypted commands injection
2024-05-20 14:59:07
CVE-2024-34083
2024-05-18 19:15:49
Security update for python-aiosmtpd
2024-08-16 04:02:47
ubuntucve
ubuntucve
CVE-2024-34083
2024-05-18 00:00:00
cve
cve
CVE-2024-34083
2024-05-18 19:15:49
vulnrichment
vulnrichment
CVE-2024-34083 STARTTLS unencrypted commands injection
2024-05-18 18:12:19
veracode
veracode
Man-in-the-Middle (MITM)
2024-05-22 07:08:47
github
github
aiosmtpd STARTTLS unencrypted commands injection
2024-05-20 14:59:07
cvelist
cvelist
CVE-2024-34083 STARTTLS unencrypted commands injection
2024-05-18 18:12:19
nessus
nessus
openSUSE 15 Security Update : python-aiosmtpd (openSUSE-SU-2024:0243-1)
2024-08-17 00:00:00
openvas
openvas
openSUSE: Security Advisory for python (openSUSE-SU-2024:0243-1)
2024-08-17 00:00:00

CVSS3

5.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0

Percentile

15.5%

JSON
Related for NVD:CVE-2024-34083
debiancve1osv3ubuntucve1cve1vulnrichment1veracode1github1cvelist1nessus1openvas1