Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2024-34083
HistoryMay 18, 2024 - 7:15 p.m.

CVE-2024-34083

2024-05-1819:15:49
Google
osv.dev
6
aiosmtpd
python
asyncio
smtpd.py
starttls
vulnerability
patch
security issue
man-in-the-middle
unencrypted commands

CVSS3

5.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

0

Percentile

15.5%

JSON

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.

Related

osv 2
debiancve 1
ubuntucve 1
cve 1
vulnrichment 1
veracode 1
nvd 1
github 1
cvelist 1
nessus 1
openvas 1
osv
osv
aiosmtpd STARTTLS unencrypted commands injection
2024-05-20 14:59:07
Security update for python-aiosmtpd
2024-08-16 04:02:47
debiancve
debiancve
CVE-2024-34083
2024-05-18 19:15:49
ubuntucve
ubuntucve
CVE-2024-34083
2024-05-18 00:00:00
cve
cve
CVE-2024-34083
2024-05-18 19:15:49
vulnrichment
vulnrichment
CVE-2024-34083 STARTTLS unencrypted commands injection
2024-05-18 18:12:19
veracode
veracode
Man-in-the-Middle (MITM)
2024-05-22 07:08:47
nvd
nvd
CVE-2024-34083
2024-05-18 19:15:49
github
github
aiosmtpd STARTTLS unencrypted commands injection
2024-05-20 14:59:07
cvelist
cvelist
CVE-2024-34083 STARTTLS unencrypted commands injection
2024-05-18 18:12:19
nessus
nessus
openSUSE 15 Security Update : python-aiosmtpd (openSUSE-SU-2024:0243-1)
2024-08-17 00:00:00
openvas
openvas
openSUSE: Security Advisory for python (openSUSE-SU-2024:0243-1)
2024-08-17 00:00:00

CVSS3

5.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

0

Percentile

15.5%

JSON
Related for OSV:CVE-2024-34083
osv2debiancve1ubuntucve1cve1vulnrichment1veracode1nvd1github1cvelist1nessus1openvas1