Lucene search

K
cveMitreCVE-2019-16056
HistorySep 06, 2019 - 6:15 p.m.

CVE-2019-16056

2019-09-0618:15:15
mitre
web.nvd.nist.gov
565
cve-2019-16056
python
email module
vulnerability
parsing error
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.004

Percentile

75.4%

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

Affected configurations

Nvd
Node
pythonpythonRange2.7.16
OR
pythonpythonRange3.0.03.0.1
OR
pythonpythonRange3.1.03.1.5
OR
pythonpythonRange3.2.03.2.6
OR
pythonpythonRange3.3.03.3.7
OR
pythonpythonRange3.4.03.4.10
OR
pythonpythonRange3.5.03.5.7
OR
pythonpythonRange3.6.03.6.9
OR
pythonpythonRange3.7.03.7.4
Node
fedoraprojectfedoraMatch29
OR
fedoraprojectfedoraMatch30
OR
fedoraprojectfedoraMatch31
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
canonicalubuntu_linuxMatch12.04-
OR
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.04
Node
redhatsoftware_collectionsMatch1.0
Node
oraclecommunications_operations_monitorRange4.14.3
OR
oraclecommunications_operations_monitorMatch3.4
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.57
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.58
OR
oraclezfs_storage_appliance_kitMatch8.8
OR
oraclesolarisMatch11
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1
VendorProductVersionCPE
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
fedoraprojectfedora29cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
fedoraprojectfedora30cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Rows per page:
1-10 of 201

References

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.004

Percentile

75.4%