mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
77 lines
3.1 KiB
JSON
77 lines
3.1 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "cve@mitre.org",
|
|
"ID": "CVE-2023-36632",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger \"RecursionError: maximum recursion depth exceeded while calling a Python object\" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://docs.python.org/3/library/email.utils.html",
|
|
"refsource": "MISC",
|
|
"name": "https://docs.python.org/3/library/email.utils.html"
|
|
},
|
|
{
|
|
"url": "https://docs.python.org/3/library/email.html",
|
|
"refsource": "MISC",
|
|
"name": "https://docs.python.org/3/library/email.html"
|
|
},
|
|
{
|
|
"url": "https://github.com/Daybreak2019/PoC_python3.9_Vul/blob/main/RecursionError-email.utils.parseaddr.py",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/Daybreak2019/PoC_python3.9_Vul/blob/main/RecursionError-email.utils.parseaddr.py"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/python/cpython/issues/103800",
|
|
"url": "https://github.com/python/cpython/issues/103800"
|
|
}
|
|
]
|
|
}
|
|
} |