MiracleLinux 8 : python3-3.6.8-56.el8_9.3.ML.1 (AXSA:2024-7427:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7427:02 advisory. python: Parsing errors in email/parseaddr.py lead to incorrect value in email address part of tuple CVE-2023-27043 Tenable has extracted the preceding...

BIT-LIBPYTHON-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...

CLSA-2024-1717693264 python2: Fix of CVE-2023-27043

Remove -b option, use original maintainer approach - CVE-2023-27043: reject malformed addresses in email.parseaddr...

CLSA-2024-1717692075 python2: Fix of CVE-2023-27043

Remove -b option, use original maintainer approach - CVE-2023-27043: reject malformed addresses in email.parseaddr...

CLSA-2024-1711648611 python3.9: Fix of CVE-2023-27043

CVE-2023-27043: reject malformed addresses in email.parseaddr...

CLSA-2024-1711491407 python: Fix of CVE-2023-27043

CVE-2023-27043: reject malformed addresses in email.parseaddr...

Python 安全漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.11.4 and earlier, which stems from a recursive exception in th...

CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...