PT-2026-39305

Name of the Vulnerable Software and Affected Versions eml parser version 3.0.0 Description A recursion denial of service exists in the get raw body text function within eml parser/parser.py. The function recurses unconditionally for every nested message/rfc822 attachment without a depth limit. An...

GHSA-XPH3-R2JF-4VP3 Haraka affected by DoS via `__proto__` email header

Summary Sending an email with proto: as a header name crashes the Haraka worker process. Details The header parser at nodemodules/haraka-email-message/lib/header.js:215-218 stores headers in a plain object: javascript addheaderkey, value, method this.headerskey ??= // line 216 this.headerskeymeth...

Medium: python38

Issue Overview: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which...

SUSE-SU-2024:0595-1 Security update for python310

This update for python310 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parser of e-mail addresses which contain a special character bsc1210638...

SUSE CVE-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...

CVE-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...

Python 安全漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.11.4 and earlier, which stems from a recursive exception in th...

ROS-2-1184

2.1184 Multiple vulnerabilities in ClamAV antivirus package CVE-2021-1252, CVE-2021-1404, CVE-2021-1405 1. Vulnerability Description: CVE-2021-1252 - looping when processing specially formatted Excel XLM files. CVE-2021-1404 - process crash when processing specially formatted PDF documents...

Clam AntiVirus (ClamAV) Email Parser Denial of Service Vulnerability

...

SUSE-SU-2019:2798-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2019-16056: Fixed a parser issue in the email module. bsc1149955 - CVE-2018-20852: Fixed an incorrect domain validation that could lead to cookies being sent to the wrong server. bsc1141853...

DEBIAN-CVE-2008-7280

Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System OTRS before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service e-mail retrieval outage via a crafted message...

CVE-2008-7280

Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System OTRS before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service e-mail retrieval outage via a crafted message...

CVE-2005-4427

Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the 1 fileid parameter to attachmentsend.php, 2 the $addy variable in emailparser.php, 3 $address variable in emailparser.php, 4 $aaddress variable in structs.php, 5 kbid...