CVE-2025-1795

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-1795

Severity

Unknown

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1795
https://github.com/advisories/GHSA-c266-vjjr-2v8j
https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/
https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html
https://github.com/python/cpython/issues/100884
https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48
https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593
https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74
https://github.com/python/cpython/commit/a4ef689ce670684ec132204b1cd03720c8e0a03d
https://github.com/python/cpython/commit/d4df3c55e4c5513947f907f24766b34d2ae8c090
https://github.com/python/cpython/pull/100885
https://github.com/python/cpython/pull/119099

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-1795

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company