The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
References
Link Providers
http://python.org cve-icon cve-icon
https://access.redhat.com/articles/7051467 cve-icon
https://github.com/python/cpython/issues/102988 cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/ cve-icon
https://lists.fedoraproject.org/archives/list/[email protected]/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/ cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-27043 cve-icon
https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20230601-0003/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-27043 cve-icon
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-18T00:00:00

Updated: 2024-08-02T12:01:32.288Z

Reserved: 2023-02-27T00:00:00

Link: CVE-2023-27043

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-19T00:15:07.973

Modified: 2024-11-21T07:52:13.737

Link: CVE-2023-27043

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-04-19T00:00:00Z

Links: CVE-2023-27043 - Bugzilla