DEBIAN-CVE-2024-6923

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2024-6923
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-6923.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-6923
Upstream
Downstream
Published
2024-08-01T14:15:03.647Z
Modified
2025-11-14T04:08:11.728606Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

References

Affected packages

Debian:11

pypy3

Package

Name
pypy3
Purl
pkg:deb/debian/pypy3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.3.5+dfsg-2+deb11u5

Affected versions

7.*

7.3.5+dfsg-2
7.3.5+dfsg-2+deb11u1
7.3.5+dfsg-2+deb11u2
7.3.5+dfsg-2+deb11u3
7.3.5+dfsg-2+deb11u4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-6923.json"

python2.7

Package

Name
python2.7
Purl
pkg:deb/debian/python2.7?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.18-8
2.7.18-8+deb11u1
2.7.18-9
2.7.18-10
2.7.18-11
2.7.18-12
2.7.18-13
2.7.18-13.1~exp1
2.7.18-13.1
2.7.18-13.2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-6923.json"

python3.9

Package

Name
python3.9
Purl
pkg:deb/debian/python3.9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.2-1+deb11u2

Affected versions

3.*

3.9.2-1
3.9.2-1+deb11u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-6923.json"

Debian:12

pypy3

Package

Name
pypy3
Purl
pkg:deb/debian/pypy3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.3.11+dfsg-2
7.3.11+dfsg-2+deb12u1
7.3.11+dfsg-2+deb12u2
7.3.11+dfsg-2+deb12u3
7.3.12~rc1+dfsg-1
7.3.12~rc2+dfsg-1
7.3.12+dfsg-1
7.3.13+dfsg-1
7.3.14+dfsg-1
7.3.15+dfsg-1
7.3.16+dfsg-1
7.3.16+dfsg-2
7.3.17+dfsg-1
7.3.17+dfsg-2
7.3.17+dfsg-3
7.3.18+dfsg-1
7.3.18+dfsg-2
7.3.19+dfsg-1
7.3.19+dfsg-2
7.3.20+dfsg-1
7.3.20+dfsg-2
7.3.20+dfsg-3
7.3.20+dfsg-4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-6923.json"

python3.11

Package

Name
python3.11
Purl
pkg:deb/debian/python3.11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.11.2-6+deb12u5

Affected versions

3.*

3.11.2-6
3.11.2-6+deb12u1
3.11.2-6+deb12u2
3.11.2-6+deb12u3
3.11.2-6+deb12u4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-6923.json"

Debian:13

pypy3

Package

Name
pypy3
Purl
pkg:deb/debian/pypy3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.3.18+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-6923.json"

python3.13

Package

Name
python3.13
Purl
pkg:deb/debian/python3.13?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.13.0~rc2-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-6923.json"

Debian:14

pypy3

Package

Name
pypy3
Purl
pkg:deb/debian/pypy3?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.3.18+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-6923.json"

python3.13

Package

Name
python3.13
Purl
pkg:deb/debian/python3.13?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.13.0~rc2-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-6923.json"