CVE-2025-1795: Improper Encoding or Escaping of Output in Software Foundation Cpython

Severity: 2.3 LOW (NVD)
EPSS: 0.8% (top 26.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 28, latest update Jun 16

Description

During address list folding, when a separating comma ends up on a folded line and that line is to be unicode-encoded, the separator itself is also unicode-encoded. The expected behavior is that the separating comma remains a plain comma. This can result in the address header being misinterpreted by some mail servers.
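A check for the condition described above, added here as an example (it is not code from CPython or from this advisory): it counts the commas a receiving parser would still see as address separators, treating RFC 2047 encoded-words as opaque, and compares that with the number of recipients. The function names and the GOOD/BAD headers are constructed for illustration; BAD is modelled on the description, not captured CPython output.

```python
import re
from email import policy
from email.headerregistry import Address
from email.message import EmailMessage

# RFC 2047 encoded-word: an opaque atom to an address parser.
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")

def plain_separator_count(raw_value):
    """Count commas a receiving parser would treat as address separators."""
    text = ENCODED_WORD.sub("X", raw_value)  # a comma hidden in here is lost
    count, depth, in_quote, escaped = 0, 0, False, False
    for ch in text:
        if escaped:                # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif in_quote:             # inside "quoted string"
            in_quote = ch != '"'
        elif ch == "(":            # comments may nest
            depth += 1
        elif depth:
            if ch == ")":
                depth -= 1
        elif ch == '"':
            in_quote = True
        elif ch == ",":
            count += 1
    return count

def separators_intact(raw_value, address_count):
    """True when every address boundary is still a plain comma."""
    return plain_separator_count(raw_value) == address_count - 1

def folded_to_header(addresses):
    """Fold a To: header with the local interpreter's email package."""
    msg = EmailMessage(policy=policy.SMTP)
    msg["To"] = addresses
    return msg.policy.fold("To", msg["To"]).split(":", 1)[1]

# Constructed samples: two recipients, separator plain vs. inside an encoded-word.
GOOD = " =?utf-8?q?J=C3=B6rg?= <a@example.com>,\r\n =?utf-8?q?Z=C3=B6e?= <b@example.com>"
BAD = " =?utf-8?q?J=C3=B6rg?= <a@example.com>\r\n =?utf-8?q?=2C_Z=C3=B6e?= <b@example.com>"

if __name__ == "__main__":
    # Constructed recipients with long non-ASCII display names to force folding.
    recipients = [Address("Jörg Müller-Lüdenscheidt " * 2, "u%d" % i, "example.com")
                  for i in range(4)]
    print(separators_intact(folded_to_header(recipients), len(recipients)))
```

Run directly, the script prints whether the installed interpreter kept every separator plain for the constructed recipient list; the same `separators_intact` call can be applied to address headers an application has already generated.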

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: python_software_foundation/cpython 3.10.0 3.10.17 +4

🔴 Vulnerability Details (4)

OSV: python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6 vulnerabilities (2025-06-16)
CVEList: Mishandling of comma during folding and unicode-encoding of email headers (2025-02-28)
OSV: CVE-2025-1795: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is al (2025-02-28)
GHSA: GHSA-c266-vjjr-2v8j: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is al (2025-02-28)

📋 Vendor Advisories (4)

Ubuntu: Python vulnerabilities (2025-06-16)
Red Hat: python: Mishandling of comma during folding and unicode-encoding of email headers (2025-02-28)
Microsoft: Mishandling of comma during folding and unicode-encoding of email headers (2025-02-11)
Debian: CVE-2025-1795: pypy3 - During an address list folding when a separating comma ends up on a folded line ... (2025)