REDHAT-BUG-2302255
First published: Thu Aug 01 2024(Updated: )
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CPython |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:5962
- https://access.redhat.com/errata/RHSA-2024:6146
- https://access.redhat.com/errata/RHSA-2024:6163
- https://access.redhat.com/errata/RHSA-2024:6179
- https://access.redhat.com/errata/RHSA-2024:6915
- https://access.redhat.com/errata/RHSA-2024:6909
- https://access.redhat.com/errata/RHSA-2024:6961
- https://access.redhat.com/errata/RHSA-2024:6962
- https://access.redhat.com/errata/RHSA-2024:6975
- https://access.redhat.com/errata/RHSA-2024:7137
- https://access.redhat.com/errata/RHSA-2024:7213
- https://access.redhat.com/errata/RHSA-2024:7374
- https://access.redhat.com/errata/RHSA-2024:7415
- https://access.redhat.com/errata/RHSA-2024:8103
- https://bugzilla.redhat.com/show_bug.cgi?id=2302255
Frequently Asked Questions
What is the severity of REDHAT-BUG-2302255?
The severity of REDHAT-BUG-2302255 is MEDIUM.
What does the vulnerability REDHAT-BUG-2302255 affect?
The vulnerability REDHAT-BUG-2302255 affects the CPython email module.
How does the vulnerability REDHAT-BUG-2302255 affect email message serialization?
The vulnerability REDHAT-BUG-2302255 allows for header injection due to improper quoting of newlines in email headers.
What is required to exploit the vulnerability REDHAT-BUG-2302255?
To exploit the vulnerability REDHAT-BUG-2302255, an attacker needs to manipulate email headers during serialization.
How can I mitigate the effects of REDHAT-BUG-2302255?
Mitigation for REDHAT-BUG-2302255 involves updating CPython to the latest version where the vulnerability has been addressed.
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-6923
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/python software foundation
- canonical/cpython