CVE-2024-6923

EUVD-2024-48020
There is a MEDIUM severity vulnerability affecting CPython.

The 
email module didn’t properly quote newlines for email headers when 
serializing an email message allowing for header injection when an email
 is serialized.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
pythoncpython
𝑥
≤ 3.13.0rc2
ADP
Debian logo
Debian Releases
Debian Product
Codename
pypy3
bookworm
no-dsa
bullseye
ignored
bullseye (security)
7.3.5+dfsg-2+deb11u5
fixed
forky
7.3.20+dfsg-4
fixed
sid
7.3.20+dfsg-4
fixed
trixie
7.3.19+dfsg-2
fixed
python2.7
bookworm
no-dsa
bullseye
vulnerable
python3.11
bookworm
3.11.2-6+deb12u6
no-dsa
bookworm (security)
vulnerable
bullseye
ignored
python3.13
bookworm
no-dsa
bullseye
ignored
forky
3.13.11-1
fixed
sid
3.13.11-1
fixed
trixie
3.13.5-2
fixed
python3.9
bookworm
no-dsa
bullseye
ignored
bullseye (security)
3.9.2-1+deb11u3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python3.5
bionic
dne
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
ignored
xenial
ignored
python2.7
bionic
Fixed 2.7.17-1~18.04ubuntu1.13+esm7
released
focal
Fixed 2.7.18-1~20.04.5
released
jammy
Fixed 2.7.18-13ubuntu1.3
released
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
Fixed 2.7.6-8ubuntu0.6+esm21
released
xenial
Fixed 2.7.12-1ubuntu0~16.04.18+esm12
released
python3.4
bionic
dne
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
needs-triage
xenial
dne
python3.6
bionic
needs-triage
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.7
bionic
needs-triage
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.8
bionic
needs-triage
focal
Fixed 3.8.10-0ubuntu1~20.04.12
released
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.9
bionic
dne
focal
needs-triage
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.10
bionic
dne
focal
dne
jammy
Fixed 3.10.12-1~22.04.6
released
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.11
bionic
dne
focal
dne
jammy
needs-triage
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.12
bionic
dne
focal
dne
jammy
dne
noble
Fixed 3.12.3-1ubuntu0.2
released
oracular
not-affected
plucky
dne
questing
dne
trusty
dne
xenial
dne
python3.13
bionic
dne
focal
dne
jammy
dne
noble
dne
oracular
not-affected
plucky
not-affected
questing
not-affected
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147
https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384
https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7
https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0
https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1
https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6
https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533
https://github.com/python/cpython/issues/121650
https://github.com/python/cpython/pull/122233
https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/
http://www.openwall.com/lists/oss-security/2024/08/01/3
http://www.openwall.com/lists/oss-security/2024/08/02/2
https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00005.html
https://security.netapp.com/advisory/ntap-20240926-0003/