STARTTLS command buffer smuggling was already a known issue long before 2014. In particular, the deluge of CVEs for MTAs started in early 2011, and it was obvious from the nature of the issue that it wasn't limited to SMTP, but rather pertained to lower level I/O interfaces common to network facing servers generally.

I believe Postfix had the honor of the first CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411 There would be another 7 CVEs for command injection in other servers before the end of 2011. (https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=starttls)