CVE-2024-6923
5.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
There is a MEDIUM severity vulnerability affecting CPython.
The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Python Software Foundation | CPython | 0 < 3.8.20 | affected |
| Python Software Foundation | CPython | 3.9.0 < 3.9.20 | affected |
| Python Software Foundation | CPython | 3.10.0 < 3.10.15 | affected |
| Python Software Foundation | CPython | 3.11.0 < 3.11.10 | affected |
| Python Software Foundation | CPython | 3.12.0 < 3.12.5 | affected |
| Python Software Foundation | CPython | 3.13.0a1 < 3.13.0rc2 | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2024/08/01/3
- http://www.openwall.com/lists/oss-security/2024/08/02/2
- https://security.netapp.com/advisory/ntap-20240926-0003/
- https://lists.debian.org/debian-lts-announce/2025/01/msg00005.html
- https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
References
- https://github.com/python/cpython/pull/122233
- https://github.com/python/cpython/issues/121650
- https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/
- https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7
- https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0
- https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147
- https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1
- https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6
- https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533
- https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.