Workflow

PyPi: Aiosmtpd

CVE-2024-27305

Safety vulnerability ID: 66968

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 12, 2024 Updated at Nov 29, 2024
Scan your Python projects for vulnerabilities →

Advisory

aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue is also existed in other SMTP software like Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. See CVE-2024-27305.

Affected package

aiosmtpd

Latest version: 1.4.6

aiosmtpd - asyncio based SMTP server

Affected versions

Fixed versions

Vulnerability changelog

aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue is also existed in other SMTP software like Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. See CVE-2024-27305.


MISC:https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb: https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb
MISC:https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65: https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65
MISC:https://www.postfix.org/smtp-smuggling.html: https://www.postfix.org/smtp-smuggling.html

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application