CVE-2023-27043
Summary
| CVE | CVE-2023-27043 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-19 00:15:07 UTC |
| Updated | 2026-05-12 11:16:11 UTC |
| Description | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. |
Risk And Classification
Primary CVSS: v3.1 5.3 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Problem Types: CWE-20 Improper Input Validation | CWE-1286 Improper Validation of Syntactic Correctness of Input | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| 3.1 | ADP | DECLARED | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | Low |
| Availability | None |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 38 | All | All | All |
| Operating System | Fedoraproject | Fedora | 39 | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All |
| Application | Python | Python | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | n/a | n/a | affected n/a | Not specified |
| ADP | Siemens | RUGGEDCOM ROX MX5000 | affected V2.17.1 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX MX5000RE | affected V2.17.1 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1400 | affected V2.17.1 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1500 | affected V2.17.1 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1501 | affected V2.17.1 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1510 | affected V2.17.1 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1511 | affected V2.17.1 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1512 | affected V2.17.1 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1524 | affected V2.17.1 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1536 | affected V2.17.1 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX5000 | affected V2.17.1 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX MX5000 | affected V2.17.0 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX MX5000RE | affected V2.17.0 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1400 | affected V2.17.0 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1500 | affected V2.17.0 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1501 | affected V2.17.0 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1510 | affected V2.17.0 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1511 | affected V2.17.0 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1512 | affected V2.17.0 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1524 | affected V2.17.0 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX1536 | affected V2.17.0 custom | Not specified |
| ADP | Siemens | RUGGEDCOM ROX RX5000 | affected V2.17.0 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| seclists.org/fulldisclosure/2025/Apr/8 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| lists.fedoraproject.org/archives/list/[email protected]/messag... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess... | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 38 Update: python2.7-2.7.18-37.fc38 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| CVE-2023-27043 Python Vulnerability in NetApp Products | NetApp Product Security | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| lists.debian.org/debian-lts-announce/2024/12/msg00000.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | |
| [SECURITY] Fedora 39 Update: python3.6-3.6.15-22.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-577017.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| Welcome to Python.org | af854a3a-2127-422b-91ae-364da2661108 | python.org | Vendor Advisory |
| lists.debian.org/debian-lts-announce/2024/11/msg00024.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | |
| cert-portal.siemens.com/productcert/html/ssa-202008.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple · Issue #102988 · python/cpython · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Exploit, Issue Tracking |
| Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple — Python Security 0.0 documentation | af854a3a-2127-422b-91ae-364da2661108 | python-security.readthedocs.io | Vendor Advisory |
| [SECURITY] Fedora 39 Update: python2.7-2.7.18-37.fc39 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Third Party Advisory |
| Pink Label, create your own cam site | MITRE | python.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161290 Oracle Enterprise Linux Security Update for python3 (ELSA-2024-0256)
- 161311 Oracle Enterprise Linux Security Update for python3.9 (ELSA-2024-0466)
- 242698 Red Hat Update for python3 (RHSA-2024:0256)
- 242742 Red Hat Update for python3 (RHSA-2024:0430)
- 242746 Red Hat Update for python3.9 (RHSA-2024:0466)
- 242751 Red Hat Update for python3.9 (RHSA-2024:0454)
- 242804 Red Hat Update for python3 (RHSA-2024:0586)
- 284832 Fedora Security Update for python3.6 (FEDORA-2023-b245e992ea)
- 284833 Fedora Security Update for python3.7 (FEDORA-2023-7d223ee343)
- 284834 Fedora Security Update for python3.12 (FEDORA-2023-c0bf8c0c4e)
- 284835 Fedora Security Update for python3.8 (FEDORA-2023-f96ff39b59)
- 284836 Fedora Security Update for python3.9 (FEDORA-2023-8085628fff)
- 284837 Fedora Security Update for python3.10 (FEDORA-2023-d01f8a69b4)
- 284843 Fedora Security Update for python3 (FEDORA-2023-0583eedde7)
- 284851 Fedora Security Update for python2.7 (FEDORA-2024-3ab90a5b01)
- 284935 Fedora Security Update for mingw (FEDORA-2024-94e0390e4e)
- 284974 Fedora Security Update for mingw (FEDORA-2024-8df4ac93d7)
- 285069 Fedora Security Update for python2.7 (FEDORA-2024-06ff0a6def)
- 285081 Fedora Security Update for python3.6 (FEDORA-2023-88fbb78cd3)
- 285082 Fedora Security Update for python3.7 (FEDORA-2023-555b4d49b1)
- 285083 Fedora Security Update for python3.8 (FEDORA-2023-1bb427c240)
- 285084 Fedora Security Update for python3.9 (FEDORA-2023-2f86a608b2)
- 285085 Fedora Security Update for python3.12 (FEDORA-2023-d577604e6a)
- 285086 Fedora Security Update for python3.11 (FEDORA-2023-87771f4249)
- 285087 Fedora Security Update for python3.10 (FEDORA-2023-c61a7d5227)
- 355634 Amazon Linux Security Advisory for python3.11 : ALAS2023-2023-252
- 378567 Python Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
- 379638 Alibaba Cloud Linux Security Update for python3 (ALINUX3-SA-2024:0040)
- 755169 SUSE Enterprise Linux Security Update for python (SUSE-SU-2023:4220-1)
- 755707 SUSE Enterprise Linux Security Update for python (SUSE-SU-2024:0329-1)
- 755733 SUSE Enterprise Linux Security Update for python (SUSE-SU-2024:0437-1)
- 755734 SUSE Enterprise Linux Security Update for python36 (SUSE-SU-2024:0436-1)
- 755737 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2024:0438-1)
- 755816 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2024:0581-1)
- 755827 SUSE Enterprise Linux Security Update for python310 (SUSE-SU-2024:0595-1)
- 755828 SUSE Enterprise Linux Security Update for python310 (SUSE-SU-2024:0595-1)
- 755915 SUSE Enterprise Linux Security Update for python (SUSE-SU-2024:0329-2)
- 755917 SUSE Enterprise Linux Security Update for python311 (SUSE-SU-2024:0782-1)
- 755919 SUSE Enterprise Linux Security Update for python39 (SUSE-SU-2024:0784-1)
- 941534 AlmaLinux Security Update for python3 (ALSA-2024:0256)
- 941552 AlmaLinux Security Update for python3.9 (ALSA-2024:0466)
- 961108 Rocky Linux Security Update for python3 (RLSA-2024:0256)