Python · Python · CVE-2023-36632
**Name of the Vulnerable Software and Affected Versions**
Python versions through 3.11.4
**Description**
The legacy email.utils.parseaddr function in Python allows attackers to trigger a "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. That argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address, so any code path that passes such a value to parseaddr without a size check and without handling the exception can be made to fail (an uncaught RecursionError terminates the request or the process, which is the denial-of-service angle here). RecursionError is an ordinary Python exception and can be caught; the email package is intended to have size limits and to raise an exception when those limits are exceeded, so callers are expected to handle failures rather than rely on the parser returning quietly. parseaddr is documented as part of the legacy API of the email package; applications should instead use the email.parser.BytesParser or email.parser.Parser class.
**Recommendations**
For Python versions through 3.11.4, consider using the email.parser.BytesParser or email.parser.Parser class (with a modern policy such as email.policy.default, which yields structured address objects) instead of the legacy email.utils.parseaddr function to mitigate the risk of exploitation. As a temporary workaround, restrict the input data before it reaches the parser, for example by rejecting values above a fixed length and values containing line breaks, and wrap any remaining parseaddr call in a handler that treats RecursionError as a rejected input rather than letting it propagate. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
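The following is an added example of both mitigations side by side; it is illustrative code written for this entry, not code from CPython or from any affected application. The length cap MAX_HEADER_LEN, the helper names legacy_parse and modern_parse, and the sample inputs are assumptions chosen for the example.

```python
"""Parsing a name/address pair from untrusted input, two ways.

Added example for CVE-2023-36632; not CPython code. Assumptions:
MAX_HEADER_LEN, the helper names and the sample inputs are ours.
"""
from typing import Optional, Tuple

import email.policy
from email.parser import Parser
from email.utils import parseaddr

# Assumption: reuse the RFC 5322 line-length limit as a hard cap on how
# much untrusted text we are willing to hand to either parser.
MAX_HEADER_LEN = 998


def _prefilter(value: object) -> Optional[str]:
    """Reject anything that is not a bounded, single-line string.

    Returns the value if acceptable, otherwise None. The line-break check
    also blocks header injection when the value is later embedded in a
    synthetic message for the Parser path.
    """
    if not isinstance(value, str):
        return None
    if len(value) > MAX_HEADER_LEN:
        return None
    if "\r" in value or "\n" in value:
        return None
    return value


def legacy_parse(value: object) -> Optional[Tuple[str, str]]:
    """Temporary workaround: keep email.utils.parseaddr but guard it.

    Returns (display_name, addr_spec), or None for rejected input.
    """
    text = _prefilter(value)
    if text is None:
        return None
    try:
        name, addr = parseaddr(text)
    except RecursionError:
        # The failure mode behind CVE-2023-36632 is a catchable Python
        # exception; handling it turns a crash into a rejected input.
        return None
    if not addr:
        return None
    return (name, addr)


def modern_parse(value: object) -> Optional[Tuple[str, str]]:
    """Recommended path: email.parser.Parser with a non-legacy policy.

    The value is wrapped in a minimal message so the header machinery
    parses it into email.headerregistry.Address objects. Returns
    (display_name, addr_spec), or None for rejected input.
    """
    text = _prefilter(value)
    if text is None:
        return None
    try:
        msg = Parser(policy=email.policy.default).parsestr(f"To: {text}\n\n")
        addresses = msg["To"].addresses
    except RecursionError:
        # Same defensive handling as the legacy path; do not assume any
        # parser is immune to pathological input.
        return None
    if not addresses:
        return None
    first = addresses[0]
    if not first.addr_spec or not first.domain:
        return None
    return (first.display_name, first.addr_spec)


if __name__ == "__main__":
    # Constructed sample inputs: one well-formed value and one oversized one.
    good = "Alice Example <alice@example.com>"
    oversized = "a" * (MAX_HEADER_LEN + 1)
    print("legacy:", legacy_parse(good), legacy_parse(oversized))
    print("modern:", modern_parse(good), modern_parse(oversized))
```

Both helpers apply the same pre-filter, so the parser is never reached by a value that is oversized or that could smuggle extra header lines; the except branch is kept on the Parser path as well because the advisory's point is that exceptions from the email package must be handled, not that one parser is exception-free.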