smtplib unlimited read

The smtplib module doesn’t limit the amount of read data in its call to readline(). An erroneous or malicious SMTP server can trick the smtplib module to consume large amounts of memory.

• Disclosure date: 2012-09-25 (Python issue bpo-16042 reported)
• Red Hat impact: Moderate

Fixed In

• Python 2.7.9 (2014-12-10) fixed by commit dabfc56 (branch 2.7) (2014-12-06)
• Python 3.2.6 (2014-10-11) fixed by commit 210ee47 (branch 3.2) (2014-09-30)
• Python 3.3.7 (2017-09-19) fixed by commit 210ee47 (branch 3.2) (2014-09-30)
• Python 3.4.3 (2015-02-23) fixed by commit 210ee47 (branch 3.2) (2014-09-30)
• Python 3.5.0 (2015-09-09) fixed by commit 210ee47 (branch 3.2) (2014-09-30)

Python issue

smtplib: unlimited readline() from connection.

• Python issue: bpo-16042
• Creation date: 2012-09-25
• Reporter: Christian Heimes

Timeline

Timeline using the disclosure date 2012-09-25 as reference:

• 2012-09-25: Python issue bpo-16042 reported by Christian Heimes
• 2014-09-30 (+735 days): commit 210ee47 (branch 3.2)
• 2014-10-11 (+746 days): Python 3.2.6 released
• 2014-12-06 (+802 days): commit dabfc56 (branch 2.7)
• 2014-12-10 (+806 days): Python 2.7.9 released
• 2015-02-23 (+881 days): Python 3.4.3 released
• 2015-09-09: Python 3.5.0 released
• 2017-09-19 (+1820 days): Python 3.3.7 released

Links

• https://access.redhat.com/security/cve/cve-2013-1752
• https://www.cvedetails.com/cve/CVE-2013-1752/