Lucene search

Veracode Vulnerability DatabaseVERACODE:45852

HistoryMar 13, 2024 - 7:31 a.m.

SMTP Smuggling

2024-03-1307:31:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

aiosmtpd

vulnerability

inbound

smtp

smuggling

spoofed emails

fake sender addresses

phishing

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

aiosmtpd is vulnerable to inbound SMTP smuggling. The vulnerability is due to interpretation differences of the SMTP protocol, enabling attackers to send spoofed emails with fake sender addresses, facilitating advanced phishing attacks.

CPENameOperatorVersion
aiosmtpdle1.4.4
aiosmtpdle1.4.4

CPE	Name	Operator	Version
	aiosmtpd	le	1.4.4
	aiosmtpd	le	1.4.4

References

github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb

github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65

www.postfix.org/smtp-smuggling.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for VERACODE:45852