DEBIAN-CVE-2016-0772

DEBIAN-CVE-2016-0772 PUBLISHED CVSS 6.5 MEDIUM

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

Risk Scores

CVSS v3.0

6.5

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:11	python2.7	0, 0, 0

Timeline

Sep 2, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-0772 advisory

Open in Interactive Console →