CVE-2025-11468

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-11468
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-11468.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-11468
Aliases
Downstream
Related
Published
2026-01-20T21:09:11.229Z
Modified
2026-06-15T12:21:10.219246779Z
Severity
  • 5.7 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Folding email comments of unfoldable characters doesn't preserve parenthesis
Details

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11468.json",
    "cna_assigner": "PSF"
}
References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Introduced
deaf509e8fc6e0363bd6f26d52ad42f976ec42f2
Introduced
0fb18b02c8ad56299d6a2910be0bab8ad601ef24
Introduced
60403a5409ff2c3f3b07dd2ca91a7a3e096839c7
Introduced
ebf955df7a89ed0c7968f79faec1de49f61ed7cb
Introduced
f31a89bb901067dd105b00cfa90523cf7ffdbbdd
Fixed
842e987df856a5d4db37933c62a3456930a19092
Fixed
2340a037f7450e70fccfe411e6531afb4d57a312
Fixed
3bb231a6a5dc02b95658877318bf61501a7209e9
Fixed
1cbe481834751b0125e006042ffbd8cd5eaec8a8
Fixed
323c59a5e348347be2ce2b7ea55fcb30bf68b2d3
Fixed
15b216f30d0445469ec31bc7509fcc55a216ef7c
Fixed
003b8315669b9f08b1010a49071f73f15f818094
Fixed
17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2
Fixed
61614a5e5056e4f61ced65008d4576f3df34acb6
Fixed
a76e4cd62dd68e7cbe86e37e6ed988495a646b66
Fixed
e9970f077240c7c670e8a6fc6662f2b30d3b6ad0
Fixed
f738386838021c762efea6c9802c82de65e87796
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.10.20"
        },
        {
            "introduced": "3.11.0"
        },
        {
            "fixed": "3.11.15"
        },
        {
            "introduced": "3.12.0"
        },
        {
            "fixed": "3.12.13"
        },
        {
            "introduced": "3.13.0"
        },
        {
            "fixed": "3.13.12"
        },
        {
            "introduced": "3.14.0"
        },
        {
            "fixed": "3.14.3"
        },
        {
            "introduced": "3.15.0a1"
        },
        {
            "fixed": "3.15.0a6"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

v0.*
v0.9.8
v0.9.9
v1.*
v1.0.1
v1.0.2
v1.1
v1.1.1
v1.2
v1.2b1
v1.2b2
v1.2b3
v1.2b4
v1.3
v1.3b1
v1.4
v1.4b1
v1.4b2
v1.4b3
v1.5
v1.5.1
v1.5.2
v1.5.2a1
v1.5.2a2
v1.5.2b1
v1.5.2b2
v1.5.2c1
v1.5a1
v1.5a2
v1.5a3
v1.5a4
v1.5b1
v1.5b2
v1.6a1
v1.6a2
v2.*
v2.0
v2.0b1
v2.0b2
v2.0c1
v2.1
v2.1a1
v2.1a2
v2.1b1
v2.1b2
v2.1c1
v2.1c2
v2.2a3
v2.3c1
v2.3c2
v2.4
v2.4a1
v2.4a2
v2.4a3
v2.4b1
v2.4b2
v2.4c1
v3.*
v3.0a1
v3.0a2
v3.0a3
v3.0a4
v3.0a5
v3.0b1
v3.0b2
v3.0b3
v3.0rc1
v3.0rc2
v3.0rc3
v3.1
v3.10.0a1
v3.10.0a7
v3.10.0b1
v3.10.0b2
v3.10.0b3
v3.10.0b4
v3.10.0rc1
v3.10.0rc2
v3.10.1
v3.10.10
v3.10.11
v3.10.12
v3.10.13
v3.10.14
v3.10.15
v3.10.16
v3.10.17
v3.10.18
v3.10.19
v3.10.2
v3.10.3
v3.10.4
v3.10.5
v3.10.6
v3.10.7
v3.10.8
v3.10.9
v3.11.0a3
v3.11.0a4
v3.11.0a5
v3.11.0a6
v3.11.0a7
v3.11.0b1
v3.11.0b2
v3.11.0b3
v3.11.0b4
v3.11.0b5
v3.11.0rc1
v3.11.0rc2
v3.11.1
v3.11.10
v3.11.11
v3.11.12
v3.11.13
v3.11.14
v3.11.2
v3.11.3
v3.11.4
v3.11.5
v3.11.6
v3.11.7
v3.11.8
v3.11.9
v3.12.0
v3.12.0a1
v3.12.0a2
v3.12.0a3
v3.12.0a4
v3.12.0a5
v3.12.0a6
v3.12.0a7
v3.12.0b1
v3.12.1
v3.12.10
v3.12.11
v3.12.12
v3.12.2
v3.12.3
v3.12.4
v3.12.5
v3.12.6
v3.12.7
v3.12.8
v3.12.9
v3.13.0
v3.13.0a1
v3.13.0a2
v3.13.0a3
v3.13.0a4
v3.13.0a5
v3.13.0a6
v3.13.0b1
v3.13.1
v3.13.10
v3.13.11
v3.13.2
v3.13.3
v3.13.4
v3.13.5
v3.13.6
v3.13.7
v3.13.8
v3.14.0
v3.14.0a1
v3.14.0a2
v3.14.0a3
v3.14.0a4
v3.14.0a5
v3.14.0a6
v3.14.0a7
v3.14.0b1
v3.14.1
v3.14.2
v3.15.0a1
v3.15.0a2
v3.15.0a3
v3.15.0a4
v3.15.0a5
v3.1a1
v3.1a2
v3.1b1
v3.1rc1
v3.1rc2
v3.2a1
v3.2a2
v3.2a3
v3.2a4
v3.2b1
v3.2b2
v3.2rc1
v3.2rc2
v3.2rc3
v3.3.0a2
v3.3.0a3
v3.3.0a4
v3.3.0b1
v3.3.0b2
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.4.0a1
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0b1
v3.4.0b2
v3.4.0b3
v3.5.0a1
v3.5.0a2
v3.5.0a3
v3.5.0a4
v3.5.0b1
v3.6.0a3
v3.6.0b1
v3.7.0a2
v3.9.0a2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-11468.json"