The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00087.

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Fedoraproject Subscribe
Fedora Subscribe
Netapp Subscribe
Active Iq Unified Manager Subscribe
Ontap Select Deploy Administration Utility Subscribe
Python Subscribe
Python Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Openshift Data Foundation Subscribe
Rhel Eus Subscribe

Configuration 1 [-]

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
python3-0:3.6.8-56.el8_9.3 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:0256 2024-01-15T00:00:00Z
python39:3.9-8100020240214182535.7044f6c1 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:2985 2024-05-22T00:00:00Z
python39-devel:3.9-8100020240214182535.7044f6c1 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:2985 2024-05-22T00:00:00Z
python3.11-0:3.11.7-1.el8 cpe:/a:redhat:enterprise_linux:8 RHSA-2024:3062 2024-05-22T00:00:00Z
python3-0:3.6.8-56.el8_9.3 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:0256 2024-01-15T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
python3-0:3.6.8-47.el8_6.4 cpe:/a:redhat:rhel_eus:8.6 RHSA-2024:0430 2024-01-25T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
python3-0:3.6.8-51.el8_8.4 cpe:/a:redhat:rhel_eus:8.8 RHSA-2024:0586 2024-01-30T00:00:00Z
Red Hat Enterprise Linux 9
python3.9-0:3.9.18-1.el9_3.1 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:0466 2024-01-25T00:00:00Z
python3.11-0:3.11.7-1.el9 cpe:/a:redhat:enterprise_linux:9 RHSA-2024:2292 2024-04-30T00:00:00Z
python3.9-0:3.9.18-1.el9_3.1 cpe:/o:redhat:enterprise_linux:9 RHSA-2024:0466 2024-01-25T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
python3.9-0:3.9.16-1.el9_2.3 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:0454 2024-01-25T00:00:00Z
RHODF-4.15-RHEL-9
odf4/cephcsi-rhel9:v4.15.0-37 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-core-rhel9:v4.15.0-68 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/mcg-rhel9-operator:v4.15.0-39 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-console-rhel9:v4.15.0-58 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-client-rhel9-operator:v4.15.0-13 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-metrics-exporter-rhel9:v4.15.0-81 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/ocs-rhel9-operator:v4.15.0-79 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-cli-rhel9:v4.15.0-22 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-console-rhel9:v4.15.0-57 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-cosi-sidecar-rhel9:v4.15.0-6 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-rhel9-operator:v4.15.0-15 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-csi-addons-sidecar-rhel9:v4.15.0-15 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.15.0-54 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-multicluster-rhel9-operator:v4.15.0-10 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-must-gather-rhel9:v4.15.0-26 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odf-rhel9-operator:v4.15.0-19 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-cluster-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-hub-operator-bundle:v4.15.0-158 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/odr-rhel9-operator:v4.15.0-21 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z
odf4/rook-ceph-rhel9-operator:v4.15.0-103 cpe:/a:redhat:openshift_data_foundation:4.15::el9 RHSA-2024:1383 2024-03-19T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-3966-1 pypy3 security update
Debian DLA Debian DLA DLA-3980-1 python3.9 security update
Debian DLA Debian DLA DLA-4094-1 mercurial security update
Ubuntu USN Ubuntu USN USN-7015-1 Python vulnerabilities
Ubuntu USN Ubuntu USN USN-7015-3 Python vulnerability
Ubuntu USN Ubuntu USN USN-7015-4 Python vulnerability
Ubuntu USN Ubuntu USN USN-7015-7 Python 2.7 regression
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://python.org cve-icon cve-icon
http://seclists.org/fulldisclosure/2025/Apr/8 cve-icon
https://access.redhat.com/articles/7051467 cve-icon
https://github.com/python/cpython/issues/102988 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html cve-icon
https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/ cve-icon
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/ cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-27043 cve-icon
https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20230601-0003/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-27043 cve-icon
History

Wed, 17 Dec 2025 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1286
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Mon, 19 May 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Fedoraproject
Fedoraproject fedora
Netapp
Netapp active Iq Unified Manager
Netapp ontap Select Deploy Administration Utility
CPEs cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Vendors & Products Fedoraproject
Fedoraproject fedora
Netapp
Netapp active Iq Unified Manager
Netapp ontap Select Deploy Administration Utility

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-12-17T21:28:09.789Z

Reserved: 2023-02-27T00:00:00.000Z

Link: CVE-2023-27043

cve-icon Vulnrichment

Updated: 2025-11-03T21:47:33.100Z

cve-icon NVD

Status : Modified

Published: 2023-04-19T00:15:07.973

Modified: 2025-12-17T22:15:57.470

Link: CVE-2023-27043

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-04-19T00:00:00Z

Links: CVE-2023-27043 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses