CVE-2023-27043

Updated: 2024-02-26 20:11:09.92051

Description:

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 5.3

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU python3 3.9.16 5.3 MEDIUM Released CLSA-2024:1711648611 2024-03-28 14:13:09
CentOS 6 ELS python 2.6.6 5.3 MEDIUM Ignored 2023-04-28 11:04:35
CentOS 7 ELS python 2.7.5 5.3 MEDIUM Released CLSA-2024:1711491407 2024-04-09 11:20:05
CentOS 7 ELS python3 3.6.8 5.3 MEDIUM Ignored 2023-09-19 09:30:15
CentOS 8.4 ELS python2 2.7.18 5.3 MEDIUM Ignored 2023-04-28 11:04:34
CentOS 8.4 ELS python3 3.6.8 5.3 MEDIUM Ignored 2023-04-28 11:04:34
CentOS 8.5 ELS python2 2.7.18 5.3 MEDIUM Ignored 2023-04-28 11:04:34
CentOS 8.5 ELS python3 3.6.8 5.3 MEDIUM Ignored 2023-04-28 11:04:34
CloudLinux 6 ELS python 2.6.6 5.3 MEDIUM Ignored 2023-04-28 11:04:35
Oracle Linux 6 ELS python 2.6.6 5.3 MEDIUM Ignored 2023-04-28 11:04:35
Total: 14