exploitDog

CVE-2026-1299

Published: Jan 23, 2026
Source: redhat
CVSS3: 7.1

Description

The email module, specifically the "BytesGenerator" class, didn't properly quote newlines in email headers when serializing an email message, allowing header injection at serialization time. This is only applicable when "LiteralHeader" is used to write headers that don't respect email folding rules; the new behavior rejects the incorrectly folded headers in "BytesGenerator".

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters in email headers. The issue is exploitable when the LiteralHeader class is used, because it does not respect email folding rules, allowing an attacker to inject email headers and thereby modify message recipients or the email body, or spoof sender information.

Report

This issue can only be exploited by Python applications that use the LiteralHeader class to write email headers, as that class does not respect email folding rules. Additionally, the issue allows attackers to modify message recipients or the email body and spoof sender identity, but it does not cause memory corruption or arbitrary code execution. For these reasons, this vulnerability has been rated with moderate severity.

Mitigation

To mitigate this issue, applications that accept user-supplied data for email headers should sanitize the input by stripping or rejecting any string containing a carriage return ('\r') or line feed ('\n') character, which prevents the sequences that lead to header manipulation.
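As an added example, not code from the Red Hat advisory or from CPython, the following applies the two mitigations named above (reject, or where necessary strip, CR/LF before a value becomes a header) and adds a defensive check a practitioner would want: after serializing with BytesGenerator, re-parse the bytes and confirm that only the headers the application set are present. Function names, the expected-header list and the example addresses are assumptions of this example.

```python
import re
from email import policy
from email.generator import BytesGenerator
from email.message import EmailMessage
from email.parser import BytesParser
from io import BytesIO

# A CR or LF inside a header value is the primitive behind header injection.
_CRLF = re.compile(r"[\r\n]")

# Headers we expect after build_message(): the three we set plus the ones
# EmailMessage.set_content() adds for a plain-text body (assumed here).
EXPECTED_HEADERS = ("from", "to", "subject", "content-type",
                    "content-transfer-encoding", "mime-version")


class HeaderInjectionError(ValueError):
    """Raised when a header value contains CR/LF or serialization grew extra headers."""


def check_header_value(name: str, value: str) -> str:
    """Preferred mitigation: reject any header value containing CR or LF."""
    if _CRLF.search(value):
        raise HeaderInjectionError(f"CR/LF not allowed in header {name!r}")
    return value


def strip_header_value(value: str) -> str:
    """Fallback mitigation: strip CR/LF when rejecting the input is not an option."""
    return _CRLF.sub("", value)


def build_message(sender: str, recipient: str, subject: str, body: str) -> EmailMessage:
    """Build a message from user-supplied values, validating every header first."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = check_header_value("From", sender)
    msg["To"] = check_header_value("To", recipient)
    msg["Subject"] = check_header_value("Subject", subject)
    msg.set_content(body)
    return msg


def serialize_and_verify(msg: EmailMessage) -> bytes:
    """Serialize with BytesGenerator, then re-parse and confirm the header set is unchanged."""
    buf = BytesIO()
    BytesGenerator(buf, policy=policy.default).flatten(msg)
    raw = buf.getvalue()
    parsed = BytesParser(policy=policy.default).parsebytes(raw)
    names = sorted(k.lower() for k in parsed.keys())
    if names != sorted(EXPECTED_HEADERS):  # an injected line would show up as an extra name
        raise HeaderInjectionError(f"unexpected header set after serialization: {names}")
    return raw
```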

Affected packages

Platform                    | Package                        | State        | Recommendation | Release
Red Hat Enterprise Linux 10 | firefox                        | Not affected |                |
Red Hat Enterprise Linux 10 | python3.14                     | Affected     |                |
Red Hat Enterprise Linux 6  | python                         | Affected     |                |
Red Hat Enterprise Linux 7  | firefox                        | Not affected |                |
Red Hat Enterprise Linux 7  | python                         | Affected     |                |
Red Hat Enterprise Linux 7  | python3                        | Affected     |                |
Red Hat Enterprise Linux 8  | firefox                        | Not affected |                |
Red Hat Enterprise Linux 8  | python36:3.6/python36          | Not affected |                |
Red Hat Enterprise Linux 8  | python39-devel:3.9/python39    | Not affected |                |
Red Hat Enterprise Linux 9  | firefox                        | Not affected |                |

Additional information

Status:

Moderate
Defect:
CWE-93
https://bugzilla.redhat.com/show_bug.cgi?id=2432437
cpython: email header injection due to unquoted newlines

7.1 High

CVSS3

Related vulnerabilities

ubuntu
2 months ago

nvd
2 months ago

debian
2 months ago

The email module, specifically the "BytesGenerator" class, didn’ ...

suse-cvrf
17 days ago

Security update for python3

suse-cvrf
18 days ago

Security update for python