CVE-2025-1795

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-1795

CGA ID

CGA-jjpm-c2j7-5xxm

Severity

Unknown

Description

During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.

References

https://images.chainguard.dev/security/CGA-jjpm-c2j7-5xxm
https://github.com/advisories/GHSA-c266-vjjr-2v8j
https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48
https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593
https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74
https://github.com/python/cpython/issues/100884
https://github.com/python/cpython/pull/100885
https://github.com/python/cpython/pull/119099
https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/
https://security-tracker.debian.org/tracker/CVE-2025-1795

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2025-1795

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources