CVE-2019-20907

Опубликовано: 10 дек. 2019

Источник: redhat

CVSS3: 7.5

Описание

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Отчет

A service is vulnerable if it uses python's tarfile module to open untrusted tar files. If an attacker is able to submit a crafted tar file to a service which uses the tarfile module to open it, an infinite loop will be executed, potentially causing a denial of service. The tarfile module is included with python. Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide "symlinks" to the main python3 component, which provides the actual interpreter of the Python programming language.

Меры по смягчению последствий

This flaw can be mitigated by not opening untrusted files with tarfile.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	python	Out of support scope
Red Hat Enterprise Linux 6	python	Out of support scope
Red Hat Enterprise Linux 8	python36:3.6/python36	Not affected
Red Hat Quay 3	python27	Affected
Red Hat Enterprise Linux 7	python	Fixed	RHSA-2020:5009	10.11.2020
Red Hat Enterprise Linux 7	python3	Fixed	RHSA-2020:5010	10.11.2020
Red Hat Enterprise Linux 7.4 Advanced Update Support	python	Fixed	RHSA-2021:0761	09.03.2021
Red Hat Enterprise Linux 7.4 Telco Extended Update Support	python	Fixed	RHSA-2021:0761	09.03.2021
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions	python	Fixed	RHSA-2021:0761	09.03.2021
Red Hat Enterprise Linux 7.6 Extended Update Support	python	Fixed	RHSA-2021:0881	16.03.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20->CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=1856481python: infinite loop in the tarfile module via crafted TAR archive

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-20907

CVSS3: 7.5

ubuntu

больше 5 лет назад

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

CVE-2019-20907

CVSS3: 7.5

nvd

больше 5 лет назад

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.