CVE-2023-27043
Summary
| CVE | CVE-2023-27043 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-19 00:15:00 UTC |
| Updated | 2024-02-05 07:15:00 UTC |
| Description | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| FEDORA-2023-b245e992ea | | lists.fedoraproject.org | |
| Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple — Python Security 0.0 documentation | CONFIRM | python-security.readthedocs.io | |
| FEDORA-2023-f96ff39b59 | | lists.fedoraproject.org | |
| FEDORA-2023-87771f4249 | | lists.fedoraproject.org | |
| FEDORA-2023-7d223ee343 | | lists.fedoraproject.org | |
| Welcome to Python.org | MISC | python.org | |
| [SECURITY] Fedora 39 Update: python2.7-2.7.18-37.fc39 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| FEDORA-2023-c0bf8c0c4e | | lists.fedoraproject.org | |
| FEDORA-2023-2f86a608b2 | | lists.fedoraproject.org | |
| FEDORA-2023-555b4d49b1 | | lists.fedoraproject.org | |
| CVE-2023-27043 Python Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| FEDORA-2023-c61a7d5227 | | lists.fedoraproject.org | |
| Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple · Issue #102988 · python/cpython · GitHub | MISC | github.com | |
| [SECURITY] Fedora 39 Update: python3.6-3.6.15-22.fc39 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| FEDORA-2023-0583eedde7 | | lists.fedoraproject.org | |
| Pink Label, create your own cam site | MISC | python.com | |
| FEDORA-2023-8085628fff | | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: python2.7-2.7.18-37.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| FEDORA-2023-d01f8a69b4 | | lists.fedoraproject.org | |
| FEDORA-2023-d577604e6a | | lists.fedoraproject.org | |
| FEDORA-2023-1bb427c240 | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161290 Oracle Enterprise Linux Security Update for python3 (ELSA-2024-0256)
- 161311 Oracle Enterprise Linux Security Update for python3.9 (ELSA-2024-0466)
- 242698 Red Hat Update for python3 (RHSA-2024:0256)
- 242742 Red Hat Update for python3 (RHSA-2024:0430)
- 242746 Red Hat Update for python3.9 (RHSA-2024:0466)
- 242751 Red Hat Update for python3.9 (RHSA-2024:0454)
- 242804 Red Hat Update for python3 (RHSA-2024:0586)
- 284832 Fedora Security Update for python3.6 (FEDORA-2023-b245e992ea)
- 284833 Fedora Security Update for python3.7 (FEDORA-2023-7d223ee343)
- 284834 Fedora Security Update for python3.12 (FEDORA-2023-c0bf8c0c4e)
- 284835 Fedora Security Update for python3.8 (FEDORA-2023-f96ff39b59)
- 284836 Fedora Security Update for python3.9 (FEDORA-2023-8085628fff)
- 284837 Fedora Security Update for python3.10 (FEDORA-2023-d01f8a69b4)
- 284843 Fedora Security Update for python3 (FEDORA-2023-0583eedde7)
- 284851 Fedora Security Update for python2.7 (FEDORA-2024-3ab90a5b01)
- 284935 Fedora Security Update for mingw (FEDORA-2024-94e0390e4e)
- 284974 Fedora Security Update for mingw (FEDORA-2024-8df4ac93d7)
- 285069 Fedora Security Update for python2.7 (FEDORA-2024-06ff0a6def)
- 285081 Fedora Security Update for python3.6 (FEDORA-2023-88fbb78cd3)
- 285082 Fedora Security Update for python3.7 (FEDORA-2023-555b4d49b1)
- 285083 Fedora Security Update for python3.8 (FEDORA-2023-1bb427c240)
- 285084 Fedora Security Update for python3.9 (FEDORA-2023-2f86a608b2)
- 285085 Fedora Security Update for python3.12 (FEDORA-2023-d577604e6a)
- 285086 Fedora Security Update for python3.11 (FEDORA-2023-87771f4249)
- 285087 Fedora Security Update for python3.10 (FEDORA-2023-c61a7d5227)
- 355634 Amazon Linux Security Advisory for python3.11 : ALAS2023-2023-252
- 378567 Python Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
- 379638 Alibaba Cloud Linux Security Update for python3 (ALINUX3-SA-2024:0040)
- 755169 SUSE Enterprise Linux Security Update for python (SUSE-SU-2023:4220-1)
- 755707 SUSE Enterprise Linux Security Update for python (SUSE-SU-2024:0329-1)
- 755733 SUSE Enterprise Linux Security Update for python (SUSE-SU-2024:0437-1)
- 755734 SUSE Enterprise Linux Security Update for python36 (SUSE-SU-2024:0436-1)
- 755737 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2024:0438-1)
- 755816 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2024:0581-1)
- 755827 SUSE Enterprise Linux Security Update for python310 (SUSE-SU-2024:0595-1)
- 755828 SUSE Enterprise Linux Security Update for python310 (SUSE-SU-2024:0595-1)
- 755915 SUSE Enterprise Linux Security Update for python (SUSE-SU-2024:0329-2)
- 755917 SUSE Enterprise Linux Security Update for python311 (SUSE-SU-2024:0782-1)
- 755919 SUSE Enterprise Linux Security Update for python39 (SUSE-SU-2024:0784-1)
- 941534 AlmaLinux Security Update for python3 (ALSA-2024:0256)
- 941552 AlmaLinux Security Update for python3.9 (ALSA-2024:0466)
- 961108 Rocky Linux Security Update for python3 (RLSA-2024:0256)