AZL-35144

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35144.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-35144

Upstream

CVE-2023-27043

Published

2023-04-19T00:15:07Z

Modified

2026-04-01T05:11:56.827155Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

CVE-2023-27043 affecting package python3 3.12.9-9

Details

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-27043

Affected packages

Azure Linux:3 / python3

Package

Name: python3
Purl: pkg:rpm/azure-linux/python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.12.9-9

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35144.json"