CVE-2024-6923

There is a MEDIUM severity vulnerability affecting CPython.

The 
email module didnt properly quote newlines for email headers when 
serializing an email message allowing for header injection when an email
 is serialized.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
PSFCNA
---
---
CISA-ADPADP
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Debian logo
Debian Releases
Debian Product
Codename
python2.7
bullseye
vulnerable
python3.11
bookworm
3.11.2-6+deb12u6
fixed
bullseye
ignored
bookworm (security)
vulnerable
python3.12
sid
3.12.10-1
fixed
bullseye
ignored
python3.13
trixie
3.13.3-2
fixed
bullseye
ignored
sid
3.13.3-4
fixed
python3.9
bullseye
vulnerable
bullseye (security)
3.9.2-1+deb11u3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.7
plucky
dne
oracular
dne
noble
dne
jammy
Fixed 2.7.18-13ubuntu1.3
released
focal
Fixed 2.7.18-1~20.04.5
released
bionic
Fixed 2.7.17-1~18.04ubuntu1.13+esm7
released
xenial
Fixed 2.7.12-1ubuntu0~16.04.18+esm12
released
trusty
Fixed 2.7.6-8ubuntu0.6+esm21
released
python3.10
plucky
dne
oracular
dne
noble
dne
jammy
Fixed 3.10.12-1~22.04.6
released
focal
dne
bionic
dne
xenial
dne
trusty
dne
python3.11
plucky
dne
oracular
dne
noble
dne
jammy
needs-triage
focal
dne
bionic
dne
xenial
dne
trusty
dne
python3.12
plucky
dne
oracular
not-affected
noble
Fixed 3.12.3-1ubuntu0.2
released
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
python3.13
plucky
not-affected
oracular
not-affected
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
python3.4
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
needs-triage
python3.5
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
dne
xenial
ignored
trusty
ignored
python3.6
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
needs-triage
xenial
dne
trusty
dne
python3.7
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
needs-triage
xenial
dne
trusty
dne
python3.8
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
Fixed 3.8.10-0ubuntu1~20.04.12
released
bionic
needs-triage
xenial
dne
trusty
dne
python3.9
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
needs-triage
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147
https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384
https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7
https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0
https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1
https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6
https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533
https://github.com/python/cpython/issues/121650
https://github.com/python/cpython/pull/122233
https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/
http://www.openwall.com/lists/oss-security/2024/08/01/3
http://www.openwall.com/lists/oss-security/2024/08/02/2
https://lists.debian.org/debian-lts-announce/2025/01/msg00005.html
https://security.netapp.com/advisory/ntap-20240926-0003/