Skip to content

Potential Quadratic Complexity Vulnerabilities in the email Module #136063

New issue
New issue
Open
Open
Potential Quadratic Complexity Vulnerabilities in the email Module#136063
Labels
3.10only security fixes3.11only security fixes3.12only security fixes3.13bugs and security fixes3.14bugs and security fixes3.15new features, bugs and security fixes3.9only security fixesstdlibPython modules in the Lib dirtopic-emailtype-securityA security issue
@kexinoh

Description

@kexinoh
kexinoh
opened on Jun 28, 2025

Bug Description:
A series of simple quadratic complexity vulnerabilities has been identified in the email package. After confirmation by CPython's security team, these low-threat DOS vulnerabilities can be fixed with community assistance.

Vulnerability Locations (All Fixed):

  1. cpython/Lib/email/message.py

    Line 73 in 5ab66a8

    def _parseparam(s):

    2.

    cpython/Lib/email/_header_value_parser.py

    Line 1424 in 5ab66a8

    def get_phrase(value):

    3.

    cpython/Lib/email/_header_value_parser.py

    Line 1506 in 5ab66a8

    while value and (value[0]=='\\' or value[0] not in PHRASE_ENDS):

    4.

    cpython/Lib/email/_header_value_parser.py

    Line 1688 in 5ab66a8

    value = value[1:]

    5.

    cpython/Lib/email/_header_value_parser.py

    Line 1697 in 5ab66a8

    value = value[1:]

    6.

    cpython/Lib/email/_header_value_parser.py

    Line 1847 in 5ab66a8

    value = value[1:]

    7.

    cpython/Lib/email/_header_value_parser.py

    Line 2200 in 5ab66a8

    value = value[1:]

    8.

    cpython/Lib/email/_header_value_parser.py

    Line 2231 in 5ab66a8

    value = value[1:]

    9.

    cpython/Lib/email/_header_value_parser.py

    Line 2260 in 5ab66a8

    value = value[1:]

    10.

    cpython/Lib/email/_header_value_parser.py

    Line 2411 in 5ab66a8

    value = value[1:]

    11.

    cpython/Lib/email/_header_value_parser.py

    Line 2570 in 5ab66a8

    value = value[1:]

    12.

    cpython/Lib/email/_header_value_parser.py

    Line 2642 in 5ab66a8

    value = value[1:]

    13.

    cpython/Lib/email/_header_value_parser.py

    Line 2762 in 5ab66a8

    value = value[1:]

    14.

    cpython/Lib/email/_header_value_parser.py

    Line 2965 in 5ab66a8

    to_encode = to_encode[1:]

Repair Status:

Common Information:

  • CPython Version: main branch
  • Operating System: Linux
  • Credits: Finder is kexinoh (Xiangfan Wu) from QI-ANXIN Technology Research Institute.

Linked PRs

Metadata

Metadata

Assignees

No one assigned

    Labels

    3.10only security fixes3.11only security fixes3.12only security fixes3.13bugs and security fixes3.14bugs and security fixes3.15new features, bugs and security fixes3.9only security fixesstdlibPython modules in the Lib dirtopic-emailtype-securityA security issue

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions