5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.5%
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on
asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling
is a novel vulnerability based on not so novel interpretation differences
of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send
smuggle/spoof e-mails with fake sender addresses, allowing advanced
phishing attacks. This issue is also existed in other SMTP software like
Postfix. With the right SMTP server constellation, an attacker can send
spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has
been addressed in version 1.4.5. Users are advised to upgrade. There are no
known workarounds for this vulnerability.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | python-aiosmtpd | < any | UNKNOWN |
ubuntu | 20.04 | noarch | python-aiosmtpd | < any | UNKNOWN |
ubuntu | 22.04 | noarch | python-aiosmtpd | < any | UNKNOWN |
ubuntu | 23.10 | noarch | python-aiosmtpd | < any | UNKNOWN |
ubuntu | 24.04 | noarch | python-aiosmtpd | < any | UNKNOWN |
github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb
github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb (1.4.5)
github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65
launchpad.net/bugs/cve/CVE-2024-27305
nvd.nist.gov/vuln/detail/CVE-2024-27305
security-tracker.debian.org/tracker/CVE-2024-27305
www.cve.org/CVERecord?id=CVE-2024-27305
www.postfix.org/smtp-smuggling.html
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.5%