Описание
The poplib module, when passed a user-controlled command, can have
additional commands injected using newlines. Mitigation rejects commands
containing control characters.
A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server.
Отчет
To exploit this issue, an attacker needs to have the privileges required to send malicious input to an application that sends POP3 commands to a server. Additionally, this flaw can allow attackers to manipulate the state of the mailbox (e.g., delete emails) and to potentially read metadata or specific email content, but it does not allow arbitrary code execution or OS command injection. Due to these reasons, this issue has been rated with a moderate severity.
Меры по смягчению последствий
To mitigate this vulnerability, ensure that no data passed to the poplib module contains newline or carriage return characters.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | firefox | Not affected | ||
| Red Hat Enterprise Linux 10 | python3.14 | Affected | ||
| Red Hat Enterprise Linux 6 | python | Affected | ||
| Red Hat Enterprise Linux 7 | firefox | Not affected | ||
| Red Hat Enterprise Linux 7 | python | Affected | ||
| Red Hat Enterprise Linux 7 | python3 | Affected | ||
| Red Hat Enterprise Linux 8 | firefox | Not affected | ||
| Red Hat Enterprise Linux 8 | python36:3.6/python36 | Not affected | ||
| Red Hat Enterprise Linux 8 | python39-devel:3.9/python39 | Not affected | ||
| Red Hat Enterprise Linux 9 | firefox | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
The poplib module, when passed a user-controlled command, can have add ...
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
EPSS
7.1 High
CVSS3