Lucene search
PRIOn knowledge basePRION:CVE-2024-27305HistoryMar 12, 2024 - 9:15 p.m.
Design/Logic Flaw
2024-03-1221:15:00
PRIOn knowledge base
www.prio-n.com
6
aiosmtpd
smtp smuggling
spoofed emails
fake sender addresses
phishing attacks
postfix
vulnerability
upgrade
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue is also existed in other SMTP software like Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Related
osv
osv
aiosmtpd vulnerable to SMTP smuggling
2024-03-13 15:33:14
CVE-2024-27305
2024-03-12 21:15:58
ubuntucve
ubuntucve
CVE-2024-27305
2024-03-12 00:00:00
github
github
aiosmtpd vulnerable to SMTP smuggling
2024-03-13 15:33:14
debiancve
debiancve
CVE-2024-27305
2024-03-12 21:15:58
cvelist
cvelist
CVE-2024-27305 SMTP smuggling in aiosmtpd
2024-03-12 20:29:54
veracode
veracode
SMTP Smuggling
2024-03-13 07:31:39
cve
cve
CVE-2024-27305
2024-03-12 21:15:58
nvd
nvd
CVE-2024-27305
2024-03-12 21:15:58