The email module, specifically the BytesGenerator class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using LiteralHeader writing headers that dont respect email folding rules, the new behavior will reject the incorrectly folded headers in BytesGenerator.
Weakness
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | python3.12-0:3.12.12-3.el10_1.1 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | python3.12-0:3.12.9-2.el10_0.7 | * |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | python3-0:3.6.8-21.el7_9.4 | * |
| Red Hat Enterprise Linux 8 | RedHat | python3-0:3.6.8-73.el8_10 | * |
| Red Hat Enterprise Linux 8 | RedHat | python3.12-0:3.12.12-3.el8_10 | * |
| Red Hat Enterprise Linux 8 | RedHat | python3.11-0:3.11.13-5.el8_10 | * |
| Red Hat Enterprise Linux 8 | RedHat | python3-0:3.6.8-73.el8_10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | python3-0:3.6.8-24.el8_2.6 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | python3-0:3.6.8-39.el8_4.9 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | python3-0:3.6.8-39.el8_4.9 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | python3-0:3.6.8-47.el8_6.11 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | python3-0:3.6.8-47.el8_6.11 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | python3-0:3.6.8-47.el8_6.11 | * |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | python3.11-0:3.11.2-2.el8_8.8 | * |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | python3-0:3.6.8-51.el8_8.13 | * |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | python3.11-0:3.11.2-2.el8_8.8 | * |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | python3-0:3.6.8-51.el8_8.13 | * |
| Red Hat Enterprise Linux 9 | RedHat | python3.12-0:3.12.12-4.el9_7.1 | * |
| Red Hat Enterprise Linux 9 | RedHat | python3.9-0:3.9.25-3.el9_7.1 | * |
| Red Hat Enterprise Linux 9 | RedHat | python3.11-0:3.11.13-5.1.el9_7 | * |
| Red Hat Enterprise Linux 9 | RedHat | python3.9-0:3.9.25-3.el9_7.1 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | python3.9-0:3.9.10-4.el9_0.9 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | python3.11-0:3.11.2-2.el9_2.10 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | python3.9-0:3.9.16-1.el9_2.12 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | python3.9-0:3.9.18-3.el9_4.11 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | python3.12-0:3.12.1-4.el9_4.11 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | python3.11-0:3.11.7-1.el9_4.11 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | python3.12-0:3.12.9-1.el9_6.6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | python3.9-0:3.9.21-2.el9_6.4 | * |
| Red Hat AI Inference Server 3.3 | RedHat | rhaiis/vllm-spyre-rhel9:1778244546 | * |
| Red Hat AI Inference Server 3.3 | RedHat | rhaiis/vllm-cuda-rhel9:1775680192 | * |
| Red Hat AI Inference Server 3.3 | RedHat | rhaiis/vllm-rocm-rhel9:1775680262 | * |
| Red Hat AI Inference Server 3.3 | RedHat | rhaiis/model-opt-cuda-rhel9:1775749857 | * |
| Red Hat Ceph Storage 8 | RedHat | rhceph/rhceph-8-rhel9:1774002867 | * |
| Red Hat Discovery 2 | RedHat | discovery/discovery-server-rhel9:1775668717 | * |
| Red Hat Discovery 2 | RedHat | discovery/discovery-ui-rhel9:1775675922 | * |
| Red Hat Hardened Images | RedHat | python3-13-main-3.13.13-1.hum1 | * |
| Red Hat Hardened Images | RedHat | python3-14-main-3.14.4-1.hum1 | * |
| Red Hat Hardened Images | RedHat | python3-11-main-3.11.15-4.hum1 | * |
| Red Hat Hardened Images | RedHat | python3-12-main-3.12.13-3.hum1 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/cds-rhel9:1773670073 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/haproxy-rhel9:1773672059 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/installer-rhel9:1773668803 | * |
| Red Hat Update Infrastructure 5 | RedHat | rhui5/rhua-rhel9:1773670137 | * |
| Python2.7 | Ubuntu | esm-infra/xenial | * |
| Python3.13 | Ubuntu | upstream | * |
| Python3.14 | Ubuntu | devel | * |
| Python3.14 | Ubuntu | resolute | * |
| Python3.14 | Ubuntu | upstream | * |
| Python3.5 | Ubuntu | esm-infra/xenial | * |
Potential Mitigations
Related Attack Patterns
References
- https://cve.org/CVERecord?id=CVE-2024-6923
- https://github.com/python/cpython/commit/052e55e7d44718fe46cbba0ca995cb8fcc359413
- https://github.com/python/cpython/commit/0a925ab591c45d6638f37b5e57796f36fa0e56d8
- https://github.com/python/cpython/commit/7877fe424415bc4a13045e62a90a7277413d8cb9
- https://github.com/python/cpython/commit/842ce19a0c0b58d61591e8f6a708c38db1fb94e4
- https://github.com/python/cpython/commit/8cdf6204f4ae821f32993f8fc6bad0d318f95f36
- https://github.com/python/cpython/commit/e417f05ad77a4c30ddc07f99e90fc0cef43e831a
- https://github.com/python/cpython/issues/144125
- https://github.com/python/cpython/pull/144126
- https://mail.python.org/archives/list/security-announce@python.org/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/