Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Related bugs and status

CVE-2019-20907 (Candidate) is related to these bugs:

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

Bug #1987927: CVE: CVE-2021-3177 - python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c

Summary				In	Importance	Status
	1987927	CVE: CVE-2021-3177 - python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c		StarlingX	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.python.or...
CONFIRM: https://github.com/pyt...
FEDORA: FEDORA-2020-dfb11916cc
FEDORA: FEDORA-2020-e9251de272
UBUNTU: USN-4428-1
FEDORA: FEDORA-2020-97d775e649
FEDORA: FEDORA-2020-aab24d3714
FEDORA: FEDORA-2020-bb919e575e
FEDORA: FEDORA-2020-c3b07cc5c9
CONFIRM: https://security.netap...
GENTOO: GLSA-202008-01
FEDORA: FEDORA-2020-1ddd5273d6
FEDORA: FEDORA-2020-826b24c329
FEDORA: FEDORA-2020-87c0a0a52d
FEDORA: FEDORA-2020-efb908b6a8
FEDORA: FEDORA-2020-d808fdd597
FEDORA: FEDORA-2020-982b2950db
FEDORA: FEDORA-2020-c539babb0a
MLIST: [debian-lts-announce] ...
SUSE: openSUSE-SU-2020:1254
SUSE: openSUSE-SU-2020:1257
SUSE: openSUSE-SU-2020:1258
SUSE: openSUSE-SU-2020:1265
FEDORA: FEDORA-2020-d30881c970
MLIST: [debian-lts-announce] ...
MISC: https://www.oracle.com...
MLIST: [debian-lts-announce] ...