Limit imaplib.IMAP4_SSL.readline()¶

The imaplib module doesn’t limit the amount of read data in its call to IMAP4_SSL.readline(). An erroneous or malicious IMAP server can trick the imaplib module to consume large amounts of memory.

Disclosure date: 2012-09-25 (Python issue bpo-16039 reported)

Fixed In¶

Python 2.7.16 (2019-03-02) fixed by commit 16d6320 (branch 2.7) (2018-12-12)

Python issue¶

imaplib: unlimited readline() from connection.

Python issue: bpo-16039
Creation date: 2012-09-25
Reporter: Christian Heimes

Timeline¶

Timeline using the disclosure date 2012-09-25 as reference:

2012-09-25: Python issue bpo-16039 reported by Christian Heimes
2018-12-12 (+2269 days): commit 16d6320 (branch 2.7)
2019-03-02 (+2349 days): Python 2.7.16 released

Links¶

https://www.cvedetails.com/cve/CVE-2013-1752/

Read the Docs v: latest

Versions: latest

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.