CVE-2024-27305
| Summary |
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not-so-novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggled/spoofed e-mails with fake sender addresses, allowing advanced phishing attacks. This issue also exists in other SMTP software such as Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
| Publication Date |
March 13, 2024, 6:15 a.m. |
| Registration Date |
March 13, 2024, 10 a.m. |
| Last Update |
Nov. 21, 2024, 6:04 p.m. |
Related information, measures and tools
Common Vulnerabilities List
JVN Vulnerability Information
Insufficient verification of data authenticity vulnerability in aiosmtpd from the aio-libs project
| Title |
Insufficient verification of data authenticity vulnerability in aiosmtpd from the aio-libs project
|
| Summary |
aiosmtpd from the aio-libs project contains a vulnerability related to insufficient verification of data authenticity.
|
| Possible impacts |
Information may be tampered with. |
| Solution |
A vendor advisory or patch information has been published. Refer to the reference information and apply the appropriate countermeasures. |
| Publication Date |
March 12, 2024, midnight |
| Registration Date |
Jan. 23, 2025, 2:45 p.m. |
| Last Update |
Jan. 23, 2025, 2:45 p.m. |
Affected System
| aio-libs project |
|
aiosmtpd versions prior to 1.4.5
|
CVE (Common Vulnerabilities and Exposures)
CWE (Common Weakness Enumeration)
Other
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[January 23, 2025] Published |
Jan. 23, 2025, 11:54 a.m. |