QwikSec

Security Database

CVE

CWE

Training

CVE-2023-27043

Published: Apr 18, 2023

Modified: May 12, 2026

PUBLISHED

Description

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/python/cpython/issues/102988

http://python.org

https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html

https://security.netapp.com/advisory/ntap-20230601-0003/

FEDORA-2023-88fbb78cd3

vendor-advisory

FEDORA-2023-555b4d49b1

vendor-advisory

FEDORA-2023-2f86a608b2

vendor-advisory

FEDORA-2023-1bb427c240

vendor-advisory

FEDORA-2023-87771f4249

vendor-advisory

FEDORA-2023-c61a7d5227

vendor-advisory

FEDORA-2023-d577604e6a

vendor-advisory

FEDORA-2023-7d223ee343

vendor-advisory

FEDORA-2023-c0bf8c0c4e

vendor-advisory

FEDORA-2023-f96ff39b59

vendor-advisory

FEDORA-2023-8085628fff

vendor-advisory

FEDORA-2023-d01f8a69b4

vendor-advisory

FEDORA-2023-b245e992ea

vendor-advisory

FEDORA-2023-0583eedde7

vendor-advisory

FEDORA-2024-06ff0a6def

vendor-advisory

FEDORA-2024-3ab90a5b01

vendor-advisory

FEDORA-2023-0583eedde7

vendor-advisory

FEDORA-2024-8df4ac93d7

vendor-advisory

FEDORA-2024-94e0390e4e

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.