{"api_version":"1","generated_at":"2026-04-23T06:20:15+00:00","cve":"CVE-2023-27043","urls":{"html":"https://cve.report/CVE-2023-27043","api":"https://cve.report/api/cve/CVE-2023-27043.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-27043","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-27043"},"summary":{"title":"CVE-2023-27043","description":"The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-04-19 00:15:00","updated_at":"2024-02-05 07:15:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/","name":"FEDORA-2023-b245e992ea","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html","name":"https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html","refsource":"CONFIRM","tags":[],"title":"Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple — Python Security 0.0 documentation","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/","name":"FEDORA-2023-f96ff39b59","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/","name":"FEDORA-2023-87771f4249","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/","name":"FEDORA-2023-7d223ee343","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://python.org","name":"http://python.org","refsource":"MISC","tags":[],"title":"Welcome to Python.org","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/","name":"FEDORA-2024-06ff0a6def","refsource":"","tags":[],"title":"[SECURITY] Fedora 39 Update: python2.7-2.7.18-37.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/","name":"FEDORA-2023-c0bf8c0c4e","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/","name":"FEDORA-2023-2f86a608b2","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/","name":"FEDORA-2023-555b4d49b1","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20230601-0003/","name":"https://security.netapp.com/advisory/ntap-20230601-0003/","refsource":"CONFIRM","tags":[],"title":"CVE-2023-27043 Python Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/","name":"FEDORA-2023-c61a7d5227","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/python/cpython/issues/102988","name":"https://github.com/python/cpython/issues/102988","refsource":"MISC","tags":[],"title":"Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple · Issue #102988 · python/cpython · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/","name":"FEDORA-2023-88fbb78cd3","refsource":"","tags":[],"title":"[SECURITY] Fedora 39 Update: python3.6-3.6.15-22.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/","name":"FEDORA-2023-0583eedde7","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://python.com","name":"http://python.com","refsource":"MISC","tags":[],"title":"Pink Label, create your own cam site","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/","name":"FEDORA-2023-8085628fff","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/","name":"FEDORA-2024-3ab90a5b01","refsource":"","tags":[],"title":"[SECURITY] Fedora 38 Update: python2.7-2.7.18-37.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/","name":"FEDORA-2023-d01f8a69b4","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/","name":"FEDORA-2023-d577604e6a","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/","name":"FEDORA-2023-0583eedde7","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/","name":"FEDORA-2023-1bb427c240","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-27043","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27043","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"27043","vulnerable":"1","versionEndIncluding":"2.7.18","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"27043","vulnerable":"1","versionEndIncluding":"3.11","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"python","cpe5":"python","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-27043","qid":"161290","title":"Oracle Enterprise Linux Security Update for python3 (ELSA-2024-0256)"},{"cve":"CVE-2023-27043","qid":"161311","title":"Oracle Enterprise Linux Security Update for python3.9 (ELSA-2024-0466)"},{"cve":"CVE-2023-27043","qid":"242698","title":"Red Hat Update for python3 (RHSA-2024:0256)"},{"cve":"CVE-2023-27043","qid":"242742","title":"Red Hat Update for python3 (RHSA-2024:0430)"},{"cve":"CVE-2023-27043","qid":"242746","title":"Red Hat Update for python3.9 (RHSA-2024:0466)"},{"cve":"CVE-2023-27043","qid":"242751","title":"Red Hat Update for python3.9 (RHSA-2024:0454)"},{"cve":"CVE-2023-27043","qid":"242804","title":"Red Hat Update for python3 (RHSA-2024:0586)"},{"cve":"CVE-2023-27043","qid":"284832","title":"Fedora Security Update for python3.6 (FEDORA-2023-b245e992ea)"},{"cve":"CVE-2023-27043","qid":"284833","title":"Fedora Security Update for python3.7 (FEDORA-2023-7d223ee343)"},{"cve":"CVE-2023-27043","qid":"284834","title":"Fedora Security Update for python3.12 (FEDORA-2023-c0bf8c0c4e)"},{"cve":"CVE-2023-27043","qid":"284835","title":"Fedora Security Update for python3.8 (FEDORA-2023-f96ff39b59)"},{"cve":"CVE-2023-27043","qid":"284836","title":"Fedora Security Update for python3.9 (FEDORA-2023-8085628fff)"},{"cve":"CVE-2023-27043","qid":"284837","title":"Fedora Security Update for python3.10 (FEDORA-2023-d01f8a69b4)"},{"cve":"CVE-2023-27043","qid":"284843","title":"Fedora Security Update for python3 (FEDORA-2023-0583eedde7)"},{"cve":"CVE-2023-27043","qid":"284851","title":"Fedora Security Update for python2.7 (FEDORA-2024-3ab90a5b01)"},{"cve":"CVE-2023-27043","qid":"284935","title":"Fedora Security Update for mingw (FEDORA-2024-94e0390e4e)"},{"cve":"CVE-2023-27043","qid":"284974","title":"Fedora Security Update for mingw (FEDORA-2024-8df4ac93d7)"},{"cve":"CVE-2023-27043","qid":"285069","title":"Fedora Security Update for python2.7 (FEDORA-2024-06ff0a6def)"},{"cve":"CVE-2023-27043","qid":"285081","title":"Fedora Security Update for python3.6 (FEDORA-2023-88fbb78cd3)"},{"cve":"CVE-2023-27043","qid":"285082","title":"Fedora Security Update for python3.7 (FEDORA-2023-555b4d49b1)"},{"cve":"CVE-2023-27043","qid":"285083","title":"Fedora Security Update for python3.8 (FEDORA-2023-1bb427c240)"},{"cve":"CVE-2023-27043","qid":"285084","title":"Fedora Security Update for python3.9 (FEDORA-2023-2f86a608b2)"},{"cve":"CVE-2023-27043","qid":"285085","title":"Fedora Security Update for python3.12 (FEDORA-2023-d577604e6a)"},{"cve":"CVE-2023-27043","qid":"285086","title":"Fedora Security Update for python3.11 (FEDORA-2023-87771f4249)"},{"cve":"CVE-2023-27043","qid":"285087","title":"Fedora Security Update for python3.10 (FEDORA-2023-c61a7d5227)"},{"cve":"CVE-2023-27043","qid":"355634","title":"Amazon Linux Security Advisory for python3.11 : ALAS2023-2023-252"},{"cve":"CVE-2023-27043","qid":"378567","title":"Python Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple"},{"cve":"CVE-2023-27043","qid":"379638","title":"Alibaba Cloud Linux Security Update for python3 (ALINUX3-SA-2024:0040)"},{"cve":"CVE-2023-27043","qid":"755169","title":"SUSE Enterprise Linux Security Update for python (SUSE-SU-2023:4220-1)"},{"cve":"CVE-2023-27043","qid":"755707","title":"SUSE Enterprise Linux Security Update for python (SUSE-SU-2024:0329-1)"},{"cve":"CVE-2023-27043","qid":"755733","title":"SUSE Enterprise Linux Security Update for python (SUSE-SU-2024:0437-1)"},{"cve":"CVE-2023-27043","qid":"755734","title":"SUSE Enterprise Linux Security Update for python36 (SUSE-SU-2024:0436-1)"},{"cve":"CVE-2023-27043","qid":"755737","title":"SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2024:0438-1)"},{"cve":"CVE-2023-27043","qid":"755816","title":"SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2024:0581-1)"},{"cve":"CVE-2023-27043","qid":"755827","title":"SUSE Enterprise Linux Security Update for python310 (SUSE-SU-2024:0595-1)"},{"cve":"CVE-2023-27043","qid":"755828","title":"SUSE Enterprise Linux Security Update for python310 (SUSE-SU-2024:0595-1)"},{"cve":"CVE-2023-27043","qid":"755915","title":"SUSE Enterprise Linux Security Update for python (SUSE-SU-2024:0329-2)"},{"cve":"CVE-2023-27043","qid":"755917","title":"SUSE Enterprise Linux Security Update for python311 (SUSE-SU-2024:0782-1)"},{"cve":"CVE-2023-27043","qid":"755919","title":"SUSE Enterprise Linux Security Update for python39 (SUSE-SU-2024:0784-1)"},{"cve":"CVE-2023-27043","qid":"941534","title":"AlmaLinux Security Update for python3 (ALSA-2024:0256)"},{"cve":"CVE-2023-27043","qid":"941552","title":"AlmaLinux Security Update for python3.9 (ALSA-2024:0466)"},{"cve":"CVE-2023-27043","qid":"961108","title":"Rocky Linux Security Update for python3 (RLSA-2024:0256)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-27043","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://github.com/python/cpython/issues/102988","url":"https://github.com/python/cpython/issues/102988"},{"refsource":"MISC","name":"http://python.org","url":"http://python.org"},{"refsource":"CONFIRM","name":"https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html","url":"https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html"},{"refsource":"CONFIRM","name":"https://github.com/python/cpython/issues/102988","url":"https://github.com/python/cpython/issues/102988"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230601-0003/","url":"https://security.netapp.com/advisory/ntap-20230601-0003/"}]}},"nvd":{"publishedDate":"2023-04-19 00:15:00","lastModifiedDate":"2024-02-05 07:15:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndIncluding":"3.11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.18","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}