CVE-2024-34083

5.4 MEDIUM
Published: May 18, 2024 Modified: April 15, 2026
View on NVD

Description

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/aio-libs/aiosmtpd/commit/b3a4a2c6ecfd228856a20d637dc383541fcdbfda
Source: security-advisories@github.com
https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-wgjv-9j3q-jhg8
Source: security-advisories@github.com
https://nostarttls.secvuln.info
Source: security-advisories@github.com
https://github.com/aio-libs/aiosmtpd/commit/b3a4a2c6ecfd228856a20d637dc383541fcdbfda
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-wgjv-9j3q-jhg8
Source: af854a3a-2127-422b-91ae-364da2661108
https://nostarttls.secvuln.info
Source: af854a3a-2127-422b-91ae-364da2661108

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.4 / 10.0
EPSS (Exploit Probability)
0.1%
21th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-349

Related CVEs

CVE-2026-0868 6.4
CVE-2026-6056 N/A
CVE-2026-41242 N/A
CVE-2026-40948 N/A
CVE-2026-2986 6.4