PT-2023-4573 · Python+12

Tdwyer · Published 2023-04-18 · Updated 2026-05-12 · CVE-2023-27043

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Python versions 0 through 2.7.18
Python versions 3.x through 3.11.3

Description

The email module of Python incorrectly parses e-mail addresses that contain a special character, allowing attackers to bypass protection mechanisms. This can be exploited in applications where access is granted only after verifying receipt of e-mail to a specific domain. The issue is related to insufficient input validation.

Recommendations

For Python versions 0 through 2.7.18, update to a version later than 2.7.18. For Python versions 3.x through 3.11.3, update to Python 3.13. As a temporary workaround, consider restricting the use of the email module until a patch is available.

Related Identifiers

ALSA-2024:0256
ALSA-2024:0466
ALSA-2024:2292
ALSA-2024:2985
ALSA-2024:3062
ALT-PU-2023-1951
ALT-PU-2024-12989
ALT-PU-2024-13457
AZL-31167
AZL-35144
BDU:2023-04980
BIT-LIBPYTHON-2023-27043
BIT-PYTHON-2023-27043
BIT-PYTHON-MIN-2023-27043
CESA-2024_0256
CESA-2024_2985
CESA-2024_3062
CLEANSTART-2026-BM51903
CLEANSTART-2026-CI66802
CLEANSTART-2026-KM27583
CVE-2023-27043
DLA-3966-1
DLA-3980-1
DLA-4094-1
INFSA-2024_2292
INFSA-2024_2985
INFSA-2024_3062
MGASA-2024-0317
OESA-2024-2354
OESA-2024-2420
OESA-2024-2421
OPENSUSE-SU-2023_4220-1
OPENSUSE-SU-2024:13049-1
OPENSUSE-SU-2024:13066-1
OPENSUSE-SU-2024:13085-1
OPENSUSE-SU-2024:13099-1
OPENSUSE-SU-2024:13104-1
OPENSUSE-SU-2024:13135-1
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2024_0581-1
OPENSUSE-SU-2024_0784-1
OPENSUSE-SU-2024_1862-1
OPENSUSE-SU-2024_2982-1
OPENSUSE-SU-2025:15713-1
PSF-2023-2
RHSA-2024:0256
RHSA-2024:0430
RHSA-2024:0454
RHSA-2024:0466
RHSA-2024:0586
RHSA-2024:2292
RHSA-2024:2985
RHSA-2024:3062
RHSA-2024_0256
RHSA-2024_0466
RHSA-2024_2292
RHSA-2024_2985
RHSA-2024_3062
RLSA-2024:0256
RLSA-2024:2985
SUSE-SU-2023:4220-1
SUSE-SU-2024:0329-1
SUSE-SU-2024:0329-2
SUSE-SU-2024:0436-1
SUSE-SU-2024:0437-1
SUSE-SU-2024:0438-1
SUSE-SU-2024:0464-1
SUSE-SU-2024:0581-1
SUSE-SU-2024:0595-1
SUSE-SU-2024:0782-1
SUSE-SU-2024:0782-2
SUSE-SU-2024:0784-1
SUSE-SU-2024:1667-1
SUSE-SU-2024:1862-1
SUSE-SU-2024:2982-1
SUSE-SU-2024_0436-1
SUSE-SU-2024_0437-1
SUSE-SU-2024_0438-1
SUSE-SU-2024_0581-1
SUSE-SU-2024_0595-1
SUSE-SU-2024_2982-1
SUSE-SU-2025:20154-1
SUSE-SU-2025:20374-1
USN-7015-1
USN-7015-3
USN-7015-4
USN-7015-6
USN-7015-7

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Apple macOS
Python
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu