Description
Bug Description:
A series of simple quadratic complexity vulnerabilities has been identified in the email package. After confirmation by CPython's security team, these low-threat DoS vulnerabilities can be fixed with community assistance.
Vulnerability Locations (All Fixed):
1. Line 73 in 5ab66a8
2. cpython/Lib/email/_header_value_parser.py, line 1424 in 5ab66a8
3. cpython/Lib/email/_header_value_parser.py, line 1506 in 5ab66a8
4. cpython/Lib/email/_header_value_parser.py, line 1688 in 5ab66a8
5. cpython/Lib/email/_header_value_parser.py, line 1697 in 5ab66a8
6. cpython/Lib/email/_header_value_parser.py, line 1847 in 5ab66a8
7. cpython/Lib/email/_header_value_parser.py, line 2200 in 5ab66a8
8. cpython/Lib/email/_header_value_parser.py, line 2231 in 5ab66a8
9. cpython/Lib/email/_header_value_parser.py, line 2260 in 5ab66a8
10. cpython/Lib/email/_header_value_parser.py, line 2411 in 5ab66a8
11. cpython/Lib/email/_header_value_parser.py, line 2570 in 5ab66a8
12. cpython/Lib/email/_header_value_parser.py, line 2642 in 5ab66a8
13. cpython/Lib/email/_header_value_parser.py, line 2762 in 5ab66a8
14. cpython/Lib/email/_header_value_parser.py, line 2965 in 5ab66a8
Repair Status:
- @picnixz is currently fixing all listed vulnerabilities in the email package (gh-136063: fix various quadratic worst-time complexities in _header_value_parser.py [WIP] #134947).
Common Information:
- CPython Version: main branch
- Operating System: Linux
- Credits: Finder is kexinoh (Xiangfan Wu) from QI-ANXIN Technology Research Institute.