CVE-2024-27938

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Mar 11, 2024

Updated: Mar 12, 2024

CWE ID 116

Summary

CVE-2024-27938 is a vulnerability affecting Postal, an open-source SMTP server. Versions of Postal below 3.0.0 are susceptible to SMTP Smuggling attacks, which can result in incoming emails being spoofed. An attacker could potentially take advantage of this flaw by sending emails that appear to originate from authorized servers, deceiving recipients. Postal's outgoing emails are secure, as they are encoded with `<CR><LF>` line endings during transmission. To mitigate this issue, users are advised to upgrade to Postal version 3.0.0 or higher, which accepts only compliant End of DATA sequences. Incompatible sequences will be logged in the SMTP server log. There is no workaround for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database