Email folding function Denial-of-Service

Warning

This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This database can be viewed online at the Open Source Vulnerability Database.

The email folding function enters an infinite loop if a header is longer than the policy maximum line length and contains many non-ASCII characters.

Regression introduced in Python 3.6.4.

Dates:

• Disclosure date: 2018-05-16 (Python issue bpo-33529 reported)

Fixed In

• Python 3.6.9 (2019-07-02) fixed by commit 516a6a2 (branch 3.6) (2019-06-18)
• Python 3.7.4 (2019-07-08) fixed by commit 2fef5b0 (branch 3.7) (2019-05-14)
• Python 3.8.0 (2019-10-14) fixed by commit c1f5667 (branch 3.8) (2019-05-14)

Python issue

[security] Infinite loop on folding email (_fold_as_ew()) if an header has no spaces.

• Python issue: bpo-33529
• Creation date: 2018-05-16
• Reporter: Rad164

Timeline

Timeline using the disclosure date 2018-05-16 as reference:

• 2018-05-16: Python issue bpo-33529 reported by Rad164
• 2019-05-14 (+363 days): commit 2fef5b0 (branch 3.7)
• 2019-05-14 (+363 days): commit c1f5667 (branch 3.8)
• 2019-06-18 (+398 days): commit 516a6a2 (branch 3.6)
• 2019-07-02 (+412 days): Python 3.6.9 released
• 2019-07-08 (+418 days): Python 3.7.4 released
• 2019-10-14: Python 3.8.0 released