Email folding function Denial-of-Service

The email folding function enters an infinite loop if a header is longer than the policy maximum line length and contains many non-ASCII characters.

Regression introduced in Python 3.6.4.


  • Disclosure date: 2018-05-16 (Python issue bpo-33529 reported)

Fixed In

Python issue

[security] Infinite loop on folding email (_fold_as_ew()) if an header has no spaces.

  • Python issue: bpo-33529
  • Creation date: 2018-05-16
  • Reporter: Rad164


Timeline using the disclosure date 2018-05-16 as reference: