Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple¶

Warning

This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.

The e-mail module incorrectly parses e-mail addresses which contain a special character. This vulnerability allows attackers to send messages from e-ail addresses that would otherwise be rejected.

Dates:

Disclosure date: 2023-03-24 (Python issue gh-102988 reported)

Vulnerable Versions¶

Python 3.10 (need commit)
Python 3.7 (need commit)
Python 3.8 (need commit)
Python 3.9 (need commit)

Python issue¶

[CVE-2023-27043] Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple.

Python issue: gh-102988
Creation date: 2023-03-24
Reporter: tdwyer

CVE-2023-27043¶

The e-mail module of Python 0 - 2.7.18, 3.x - 3.11 incorrectly parses e-mail addresses which contain a special character. This vulnerability allows attackers to send messages from e-ail addresses that would otherwise be rejected.

CVE ID: CVE-2023-27043
Published: 2023-04-19

Timeline¶

Timeline using the disclosure date 2023-03-24 as reference:

2023-03-24: Python issue gh-102988 reported by tdwyer
2023-04-19 (+26 days): CVE-2023-27043 published

Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple¶

Vulnerable Versions¶

Python issue¶

CVE-2023-27043¶

Timeline¶

Table of Contents

Previous topic

Next topic

This Page