Vulnerability Description
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c5014
- https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc238
- https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa
- https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d
- https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f
- https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e
- https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb97553
- https://github.com/python/cpython/issues/121650
- https://github.com/python/cpython/pull/122233
- https://mail.python.org/archives/list/[email protected]/thread/QH3BUO
- http://www.openwall.com/lists/oss-security/2024/08/01/3
- http://www.openwall.com/lists/oss-security/2024/08/02/2
- https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00005.html
- https://security.netapp.com/advisory/ntap-20240926-0003/
FAQ
What is CVE-2024-6923?
CVE-2024-6923 is a vulnerability with a CVSS score of 5.5 (MEDIUM). There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an...
How severe is CVE-2024-6923?
CVE-2024-6923 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-6923?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.