Mail Header Misinterpretation in Python Caused by Incorrect Unicode Encoding
CVE-2025-1795

2.3LOW

Key Information:

Vendor

Python Software Foundation

Status
Cpython
Vendor
CVE Published:
28 February 2025

What is CVE-2025-1795?

A vulnerability in Python’s handling of address list folding can cause a separating comma to be incorrectly unicode-encoded when it appears at the end of a folded line. This unexpected behavior may lead to mail servers misinterpreting the address header, potentially causing delivery issues or other unexpected results in email processing.

Affected Version(s)

CPython 0 < 3.11.9

CPython 3.12.0 < 3.12.3

CPython 3.13.0a1 < 3.13.0a5

References

https://github.com/python/cpython/issues/100884
issue-tracking
https://github.com/python/cpython/pull/100885
patch
https://github.com/python/cpython/pull/119099
patch

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.