Lucene search
GitHub_MCVELIST:CVE-2024-34083HistoryMay 18, 2024 - 6:12 p.m.
CVE-2024-34083 STARTTLS unencrypted commands injection
2024-05-1818:12:19
CWE-349
GitHub_M
raw.githubusercontent.com
7
cve-2024-34083
python stdlib
asyncio
servers
man-in-the-middle attack
patch.
0.0004 Low
EPSS
Percentile
15.1%
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.
Related
osv
osv
aiosmtpd STARTTLS unencrypted commands injection
2024-05-20 14:59:07
CVE-2024-34083
2024-05-18 19:15:49
debiancve
debiancve
CVE-2024-34083
2024-05-18 19:15:49
github
github
aiosmtpd STARTTLS unencrypted commands injection
2024-05-20 14:59:07
veracode
veracode
Man-in-the-Middle (MITM)
2024-05-22 07:08:47
cve
cve
CVE-2024-34083
2024-05-18 19:15:49
ubuntucve
ubuntucve
CVE-2024-34083
2024-05-18 00:00:00