
exploitDog


CVE-2019-16056

Published: 06 Sep 2019
Source: debian

Description

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
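
As an added example (not code from the Debian tracker or from CPython), a defensive sender check that does not depend on the interpreter's patch level: it rejects any header value with more than one unquoted @ before calling `email.utils.parseaddr`. The function names, the allow-list and the sample addresses are constructed for illustration, and the check is deliberately stricter than RFC 5322 (a quoted local part containing @ is rejected).

```python
from email.utils import parseaddr


def unquoted_at_count(value):
    """Count '@' characters outside double-quoted strings and (comments)."""
    count, in_quotes, depth, escaped = 0, False, 0, False
    for ch in value:
        if escaped:                      # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif in_quotes:
            in_quotes = ch != '"'        # a closing quote ends the quoted string
        elif ch == '"' and depth == 0:
            in_quotes = True
        elif ch == "(":
            depth += 1                   # comments may nest
        elif ch == ")" and depth:
            depth -= 1
        elif ch == "@" and depth == 0:
            count += 1
    return count


def allowed_sender(header_value, allowed_domains):
    """Return the addr-spec if it is unambiguous and its domain is allowed, else None."""
    # Reject ambiguous input before parsing, so the result is the same on
    # patched and unpatched interpreters.
    if unquoted_at_count(header_value) != 1:
        return None
    _name, addr = parseaddr(header_value)
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or "@" in local:
        return None
    return addr if domain.lower() in allowed_domains else None


if __name__ == "__main__":
    ALLOWED = {"good.example"}           # constructed allow-list
    samples = [                          # constructed header values
        "Alice <alice@good.example>",
        '"bob@work" <bob@good.example>',
        "a@evil.example@good.example",   # multiple '@': rejected
        "mallory@evil.example",
    ]
    for value in samples:
        print(repr(value), "->", allowed_sender(value, ALLOWED))
```
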

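Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python3.8 | fixed | 3.8.0~b4-1 | | package |
| python3.7 | fixed | 3.7.4-4 | | package |
| python3.7 | fixed | 3.7.3-2+deb10u1 | buster | package |
| python3.5 | removed | | | package |
| python3.4 | removed | | | package |
| python2.7 | fixed | 2.7.17~rc1-1 | | package |
| python2.7 | fixed | 2.7.16-2+deb10u1 | buster | package |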

Notes

  • https://bugs.python.org/issue34155

  • https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 (master)

  • https://github.com/python/cpython/commit/217077440a6938a0b428f67cfef6e053c4f8673c (v3.8.0b4)

  • https://github.com/python/cpython/commit/c48d606adcef395e59fd555496c42203b01dd3e8 (3.7 branch)

  • https://github.com/python/cpython/commit/13a19139b5e76175bc95294d54afc9425e4f36c9 (3.6 branch)

  • https://github.com/python/cpython/commit/063eba280a11d3c9a5dd9ee5abe4de640907951b (3.5 branch)

  • https://github.com/python/cpython/commit/4cbcd2f8c4e12b912e4d21fd892eedf7a3813d8e (2.7 branch)

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 6 years ago


CVSS3: 7.3
redhat
about 7 years ago


CVSS3: 7.5
nvd
almost 6 years ago


suse-cvrf
more than 4 years ago

Security update for python

suse-cvrf
about 5 years ago

Recommended update for python3