
CVE-2023-27043
Date: (C)2023-04-20   (M)2024-05-06


The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 5.3
Exploit Score: 3.9
Impact Score: 1.4

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: LOW
Availability: NONE

Reference:
FEDORA-2023-0583eedde7
FEDORA-2023-1bb427c240
FEDORA-2023-2f86a608b2
FEDORA-2023-555b4d49b1
FEDORA-2023-7d223ee343
FEDORA-2023-8085628fff
FEDORA-2023-87771f4249
FEDORA-2023-88fbb78cd3
FEDORA-2023-b245e992ea
FEDORA-2023-c0bf8c0c4e
FEDORA-2023-c61a7d5227
FEDORA-2023-d01f8a69b4
FEDORA-2023-d577604e6a
FEDORA-2023-f96ff39b59
FEDORA-2024-06ff0a6def
FEDORA-2024-3ab90a5b01
FEDORA-2024-8df4ac93d7
FEDORA-2024-94e0390e4e
http://python.org
https://github.com/python/cpython/issues/102988
https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html
https://security.netapp.com/advisory/ntap-20230601-0003/

CWE    1
CWE-20
OVAL    38
oval:org.secpod.oval:def:509088
oval:org.secpod.oval:def:126929
oval:org.secpod.oval:def:19500301
oval:org.secpod.oval:def:1507257
...

© SecPod Technologies