
CVE-2019-20907
Date: (C) 2020-07-14  (M) 2024-02-16


In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.5
Exploit Score: 3.9
Impact Score: 3.6

CVSS V2 Severity:
CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
FEDORA-2020-1ddd5273d6
FEDORA-2020-826b24c329
FEDORA-2020-87c0a0a52d
FEDORA-2020-97d775e649
FEDORA-2020-982b2950db
FEDORA-2020-aab24d3714
FEDORA-2020-bb919e575e
FEDORA-2020-c3b07cc5c9
FEDORA-2020-c539babb0a
FEDORA-2020-d30881c970
FEDORA-2020-d808fdd597
FEDORA-2020-dfb11916cc
FEDORA-2020-e9251de272
FEDORA-2020-efb908b6a8
GLSA-202008-01
USN-4428-1
https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
https://bugs.python.org/issue39017
https://github.com/python/cpython/pull/21454
https://security.netapp.com/advisory/ntap-20200731-0002/
https://www.oracle.com/security-alerts/cpujan2021.html
openSUSE-SU-2020:1254
openSUSE-SU-2020:1257
openSUSE-SU-2020:1258
openSUSE-SU-2020:1265

CPE (5):
cpe:/o:debian:debian_linux:9.0
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:12.04::~~esm~~~
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
...
CWE (1):
CWE-835
OVAL (57):
oval:org.secpod.oval:def:1601187
oval:org.secpod.oval:def:1601182
oval:org.secpod.oval:def:67954
oval:org.secpod.oval:def:504682
...

© SecPod Technologies