The IMAP4 protocol supports "literal" syntax, when one side specifies the size of the data and then sends the specified amount of bytes. The imaplib client reads such data with a single read(size) call, and therefore is affected by the general vulnerability in the read() method -- it allocates the amount of memory that came from untrusted source. Just an attempt to connect to the malicious IMAP4 server can send your Python program in swap.

Linked PRs

• gh-119511: Fix OOM vulnerability in imaplib #119514
• [3.13] gh-119511: Fix a potential denial of service in imaplib (GH-119514) #129355
• [3.12] gh-119511: Fix a potential denial of service in imaplib (GH-119514) #129356
• [3.11] gh-119511: Fix a potential denial of service in imaplib (GH-119514) #129357
• [3.10] gh-119511: Fix a potential denial of service in imaplib (GH-119514) #129358
• [3.9] gh-119511: Fix a potential denial of service in imaplib (GH-119514) #130248