The e-mail module incorrectly parses e-mail addresses which contain a special character. This vulnerability allows attackers to send messages from e-ail addresses that would otherwise be rejected.
Dates:
Disclosure date: 2023-03-24 (Python issue gh-102988 reported)
Python 3.10 (need commit)
Python 3.7 (need commit)
Python 3.8 (need commit)
Python 3.9 (need commit)
[CVE-2023-27043] Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple.
Python issue: gh-102988
Creation date: 2023-03-24
Reporter: tdwyer
The e-mail module of Python 0 - 2.7.18, 3.x - 3.11 incorrectly parses e-mail addresses which contain a special character. This vulnerability allows attackers to send messages from e-ail addresses that would otherwise be rejected.
CVE ID: CVE-2023-27043
Published: 2023-04-19
Timeline using the disclosure date 2023-03-24 as reference:
2023-03-24: Python issue gh-102988 reported by tdwyer
2023-04-19 (+26 days): CVE-2023-27043 published
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4