Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
The e-mail module incorrectly parses e-mail addresses which contain a special character. This vulnerability allows attackers to send messages from e-mail addresses that would otherwise be rejected.
Dates:
- Disclosure date: 2023-03-24 (Python issue gh-102988 reported)
Vulnerable Versions
- Python 3.10 (need commit)
- Python 3.7 (need commit)
- Python 3.8 (need commit)
- Python 3.9 (need commit)
Python issue
[CVE-2023-27043] Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple.
- Python issue: gh-102988
- Creation date: 2023-03-24
- Reporter: tdwyer
CVE-2023-27043
The e-mail module of Python 0 - 2.7.18, 3.x - 3.11 incorrectly parses e-mail addresses which contain a special character. This vulnerability allows attackers to send messages from e-mail addresses that would otherwise be rejected.
- CVE ID: CVE-2023-27043
- Published: 2023-04-19
Timeline
Timeline using the disclosure date 2023-03-24 as reference:
- 2023-03-24: Python issue gh-102988 reported by tdwyer
- 2023-04-19 (+26 days): CVE-2023-27043 published