CVE-2023-36632

🗓️ 25 Jun 2023 00:00:00Reported by mitreType

The legacy Python email.utils.parseaddr function through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via crafted input, despite the fact that the vendor does not consider it a vulnerability or bug

Reporter	Title	Published	Views	Family All 42
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v5.0.3 is vulnerable to multiple Base OS issues	15 Apr 202503:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.7 is vulnerable to multiple Base OS issues	15 Apr 202503:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities	14 Mar 202510:49	–	ibm
ATTACKERKB	CVE-2023-36632	25 Jun 202318:15	–	attackerkb
BDU FSTEC	The vulnerability of the email.utils.parseaddr function in the Python interpreter allows a attacker to cause a service failure.	29 Aug 202300:00	–	bdu_fstec
Circl	CVE-2023-36632	26 Jun 202300:10	–	circl
CNNVD	Python 安全漏洞	25 Jun 202300:00	–	cnnvd
CVE	CVE-2023-36632	25 Jun 202300:00	–	cve
F5 Networks	K000139698: Python vulnerabilities CVE-2016-5636, CVE-2018-1000802, CVE-2022-48565 and CVE-2023-36632	20 May 202422:01	–	f5
Tenable Nessus	F5 Networks BIG-IP : Python vulnerabilities (K000139698)	20 May 202400:00	–	nessus

Source	Link
docs	www.docs.python.org/3/library/email.html
github	www.github.com/python/cpython/issues/103800
github	www.github.com/Daybreak2019/PoC_python3.9_Vul/blob/main/RecursionError-email.utils.parseaddr.py
docs	www.docs.python.org/3/library/email.utils.html

29 Jun 2023 00:00Current

7.6High risk

Vulners AI Score7.6

EPSS0.00279