CVE-2024-6923
📋 TL;DR
This vulnerability in CPython's email module allows header injection when serializing email messages due to improper quoting of newlines in email headers. Attackers could inject malicious headers or modify email content during serialization. This affects any Python application using the email module to serialize email messages.
💻 Affected Systems
- CPython
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Email spoofing, phishing attacks, email content manipulation, or injection of malicious headers leading to further exploitation.
Likely Case
Email header manipulation allowing spoofing or injection of malicious content in emails generated by vulnerable applications.
If Mitigated
Limited impact if email validation and sanitization are performed before serialization.
🎯 Exploit Status
Exploitation requires control over email content being serialized and knowledge of the vulnerable email module usage.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Python 3.12.8, 3.13.0a6 and later
Vendor Advisory: https://github.com/python/cpython/security/advisories
Restart Required: Yes
Instructions:
1. Update Python to version 3.12.8 or later.
2. For Python 3.13, update to 3.13.0a6 or later.
3. Restart all Python applications and services.
🔧 Temporary Workarounds
Input validation and sanitization
Validate and sanitize all email headers before passing them to the email module's serialization functions.
Use alternative email libraries
Temporarily use third-party email libraries that are not affected by this vulnerability.
🧯 If You Can't Patch
- Implement strict input validation for all email headers processed by the application
- Use a WAF or proxy to filter malicious email content before it reaches the vulnerable application
🔍 How to Verify
Check if Vulnerable:
Check the Python version and test whether email header serialization properly quotes newlines.
Check Version:
python --version
Verify Fix Applied:
After patching, verify the Python version and test that newlines in email headers are properly quoted during serialization.
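An added verification script, not part of this advisory or of CPython, that exercises the check described above: it serializes a constructed header value containing CRLF through two construction paths (a plain str on a legacy compat32 Message, and a Group display name under email.policy.default, which the str-only assignment-time check does not cover) and reports whether the newline was refused, came out encoded, or survived raw. It also includes the pre-serialization validator from the workaround section. The probe value, the X-Injected name and the outcome labels are constructed for this example.

```python
import re
import email.errors
import email.policy
from email.headerregistry import Address, Group
from email.message import EmailMessage, Message

# Constructed probe value: CRLF followed by a made-up header name. In the Group
# form below the group syntax supplies the ':' after it, so a receiver that got
# the bytes unencoded would see a second header line "X-Injected: ...".
PROBE = "probe\r\nX-Injected"
_RAW_INJECTED = re.compile(r"^X-Injected", re.MULTILINE)
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")  # C0 controls except TAB, plus DEL

def header_value_is_safe(value: str) -> bool:
    """Pre-serialization check from the workaround: no CR, LF or other controls."""
    return _CONTROL.search(value) is None

def build_group_default() -> EmailMessage:
    """email.policy.default: a Group display name is not a str, so the newline check
    applied to plain str values at assignment time is bypassed and the folder sees it."""
    msg = EmailMessage(policy=email.policy.default)
    msg["To"] = Group(PROBE, [Address("", "recipient", "example.invalid")])
    msg.set_content("constructed body\n")
    return msg

def build_str_compat32() -> Message:
    """Legacy compat32 Message: plain str value, folded by email.header.Header."""
    msg = Message()
    msg["Subject"] = PROBE
    msg.set_payload("constructed body\n")
    return msg

def probe(build) -> dict:
    """Serialize one probe message and classify what the installed module did:
    'rejected' (ValueError on assignment or an email.errors.MessageError on output),
    'quoted' (no output line starts with the injected name) or 'raw' (newline survived)."""
    try:
        raw = build().as_string()
    except (ValueError, email.errors.MessageError) as exc:
        return {"outcome": "rejected", "vulnerable": False, "detail": repr(exc)}
    vulnerable = _RAW_INJECTED.search(raw) is not None
    return {"outcome": "raw" if vulnerable else "quoted",
            "vulnerable": vulnerable, "detail": raw}

def run_all() -> dict:
    """Probe both construction paths; any 'raw' outcome means the fix is missing."""
    return {b.__name__: probe(b) for b in (build_group_default, build_str_compat32)}
```

A patched interpreter reports 'rejected' or 'quoted' for both paths; 'raw' means the serialized message carries an unquoted newline inside a header.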
📡 Detection & Monitoring
Log Indicators:
- Unusual email serialization errors
- Email headers containing newline characters
- Abnormal email generation patterns
Network Indicators:
- Emails with malformed headers
- Emails containing unexpected newlines in headers
SIEM Query:
Search for email generation logs containing newline characters in header fields or abnormal serialization patterns.
🔗 References
- https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147
- https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384
- https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7
- https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0
- https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1
- https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6
- https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533
- https://github.com/python/cpython/issues/121650
- https://github.com/python/cpython/pull/122233
- https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/
- http://www.openwall.com/lists/oss-security/2024/08/01/3
- http://www.openwall.com/lists/oss-security/2024/08/02/2
- https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00005.html
- https://security.netapp.com/advisory/ntap-20240926-0003/