Back to search
CVE-2016-0772
Published: Sep 2, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://hg.python.org/cpython/rev/d590114c2394
x_refsource_CONFIRM
http://www.splunk.com/view/SP-CAAAPUE
x_refsource_CONFIRM
RHSA-2016:1630
vendor-advisory
x_refsource_REDHAT
RHSA-2016:1627
vendor-advisory
x_refsource_REDHAT
https://hg.python.org/cpython/rev/b3ce713fb9be
x_refsource_CONFIRM
RHSA-2016:1629
vendor-advisory
x_refsource_REDHAT
http://www.splunk.com/view/SP-CAAAPSV
x_refsource_CONFIRM
[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1303647
x_refsource_CONFIRM
https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5
x_refsource_CONFIRM
[oss-security] 20160614 Python CVE-2016-0772: smtplib StartTLS stripping attack
mailing-list
x_refsource_MLIST
https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS
x_refsource_CONFIRM
GLSA-201701-18
vendor-advisory
x_refsource_GENTOO
https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2
x_refsource_CONFIRM
91225
vdb-entry
x_refsource_BID
RHSA-2016:1628
vendor-advisory
x_refsource_REDHAT
RHSA-2016:1626
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2020:0086
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now