In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

OSVersionArchitecturePackageVersionFilename
Debian11allpython2.7< 2.7.18-2python2.7_2.7.18-2_all.deb
Debian10allpython2.7< 2.7.16-2+deb10u2python2.7_2.7.16-2+deb10u2_all.deb
Debian10allpython3.7< 3.7.3-2+deb10u2python3.7_3.7.3-2+deb10u2_all.deb
Debian11allpython3.9< 3.9.0~b5-1python3.9_3.9.0~b5-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	python2.7	< 2.7.18-2	python2.7_2.7.18-2_all.deb
Debian	10	all	python2.7	< 2.7.16-2+deb10u2	python2.7_2.7.16-2+deb10u2_all.deb
Debian	10	all	python3.7	< 3.7.3-2+deb10u2	python3.7_3.7.3-2+deb10u2_all.deb
Debian	11	all	python3.9	< 3.9.0~b5-1	python3.9_3.9.0~b5-1_all.deb

suse 6

nessus 94

openvas 3

fedora 15

veracode 1

redhatcve 1

redhat 20

oraclelinux 5

osv 10

ubuntucve 1

ibm 5

amazon 6

cve 1

f5 1

prion 1

alpinelinux 1

centos 2

cbl_mariner 3

almalinux 3

debian 3

gentoo 1

rocky 2

rosalinux 3

ubuntu 2

cloudfoundry 1

freebsd 1

archlinux 1

mageia 1

photon 5

suse

Security update for python3 (moderate)

2020-08-27 00:00:00

Security update for python3 (moderate)

2020-08-25 00:00:00

Security update for python (moderate)

2020-08-25 00:00:00

nessus

SUSE SLES12 Security Update : python (SUSE-SU-2020:2275-1)

2020-08-20 00:00:00

NewStart CGSL CORE 5.05 / MAIN 5.05 : python Vulnerability (NS-SA-2021-0152)

2021-10-27 00:00:00

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:2277-1)

2020-08-20 00:00:00

openvas

Python <= 3.8.3 DoS Vulnerability (Linux)

2020-07-16 00:00:00

Python <= 3.8.3 DoS Vulnerability (Windows)

2020-07-16 00:00:00

Python <= 3.8.3 DoS Vulnerability (Windows)

2020-07-16 00:00:00

fedora

[SECURITY] Fedora 32 Update: python39-3.9.0~b5-1.fc32

2020-07-30 18:57:22

[SECURITY] Fedora 31 Update: python39-3.9.0~b5-1.fc31

2020-07-30 19:09:04

[SECURITY] Fedora 31 Update: python38-3.8.5-1.fc31

2020-07-30 19:09:05

veracode

Denial Of Service (DoS)

2020-08-06 21:29:42

redhatcve

CVE-2019-20907

2020-07-13 19:16:55

redhat

(RHSA-2021:0761) Moderate: python security update

2021-03-09 08:48:14

(RHSA-2021:0528) Moderate: python security update

2021-02-16 07:11:32

(RHSA-2021:0881) Moderate: python security update

2021-03-16 13:07:52

oraclelinux

python security update

2020-11-13 00:00:00

python3 security update

2020-11-13 00:00:00

python27:2.7 security update

2020-11-10 00:00:00

osv

Infinite loop in tarfile module while opening a crafted file

2020-07-13 00:00:00

CVE-2019-20907

2020-07-13 13:15:10

python3.5 - security update

2020-11-18 00:00:00

ubuntucve

CVE-2019-20907

2020-07-13 00:00:00

ibm

Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2019-20907)

2023-08-15 17:37:56

Security Bulletin: Publicly disclosed vulnerability from Python affects IBM Netezza Host Management

2020-11-10 10:59:11

Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2019-20907)

2023-08-17 17:52:34

amazon

Medium: python27

2020-08-27 00:20:00

Medium: python

2020-09-01 00:40:00

Medium: python34, python35, python36

2020-09-03 22:08:00

cve

CVE-2019-20907

2020-07-13 13:15:00

K78284681 : Python tarfile library vulnerability CVE-2019-20907

2021-06-01 00:00:00

prion

Input validation

2020-07-13 13:15:00

alpinelinux

CVE-2019-20907

2020-07-13 13:15:00

centos

python, tkinter security update

2020-11-18 17:21:38

python3 security update

2020-11-18 17:23:37

cbl_mariner

CVE-2019-20907 affecting package python2 2.7.18-8

2022-04-09 06:51:57

CVE-2019-20907 affecting package python2 2.7.18-9

2020-11-30 19:30:47

CVE-2019-20907 affecting package python3 3.7.7-2

2021-07-08 21:56:42

almalinux

Moderate: python27:2.7 security update

2020-11-03 12:24:08

Moderate: python3 security and bug fix update

2020-11-03 12:04:08

Moderate: python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

debian

[SECURITY] [DLA 2456-1] python3.5 security update

2020-11-19 03:44:14

[SECURITY] [DLA 2337-1] python2.7 security update

2020-08-22 14:48:43

[SECURITY] [DLA 3432-1] python2.7 security update

2023-05-24 17:31:47

gentoo

Python: Multiple vulnerabilities

2020-08-02 00:00:00

rocky

python27:2.7 security update

2020-11-03 12:24:08

python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

rosalinux

Advisory ROSA-SA-2023-2202

2023-07-25 10:31:09

Advisory ROSA-SA-2023-2203

2023-08-01 12:58:39

Advisory ROSA-SA-2021-1957

2021-07-02 18:03:40

ubuntu

Python vulnerabilities

2020-07-22 00:00:00

Python vulnerabilities

2021-03-12 00:00:00

cloudfoundry

USN-4428-1: Python vulnerabilities | Cloud Foundry

2020-08-27 00:00:00

freebsd

Python -- multiple vulnerabilities

2020-08-19 00:00:00

archlinux

[ASA-202103-27] python2: multiple issues

2021-03-25 00:00:00

mageia

Updated python and python3 packages fix security vulnerabilities

2020-12-08 13:40:32

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0265

2020-07-28 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0309

2020-07-25 00:00:00

Important Photon OS Security Update - PHSA-2020-0309

2020-07-25 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for DEBIANCVE:CVE-2019-20907