A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Mitigation

This flaw can be mitigated by not opening untrusted files with tarfile.

References

bugzilla.redhat.com/show_bug.cgi?id=1856481

nvd.nist.gov/vuln/detail/CVE-2019-20907

www.cve.org/CVERecord?id=CVE-2019-20907

suse 6

openvas 3

nessus 94

fedora 15

veracode 1

redhat 20

f5 1

prion 1

ibm 5

osv 10

centos 2

alpinelinux 1

cbl_mariner 3

amazon 6

debiancve 1

oraclelinux 5

cve 1

ubuntucve 1

almalinux 3

debian 3

gentoo 1

rocky 2

rosalinux 3

cloudfoundry 1

ubuntu 2

freebsd 1

archlinux 1

mageia 1

photon 5

suse

Security update for python3 (moderate)

2020-08-27 00:00:00

Security update for python3 (moderate)

2020-08-25 00:00:00

Security update for python (moderate)

2020-08-25 00:00:00

openvas

Python <= 3.8.3 DoS Vulnerability (Linux)

2020-07-16 00:00:00

Python <= 3.8.3 DoS Vulnerability (Windows)

2020-07-16 00:00:00

Python <= 3.8.3 DoS Vulnerability (Windows)

2020-07-16 00:00:00

nessus

SUSE SLES12 Security Update : python (SUSE-SU-2020:2275-1)

2020-08-20 00:00:00

NewStart CGSL CORE 5.05 / MAIN 5.05 : python Vulnerability (NS-SA-2021-0152)

2021-10-27 00:00:00

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:2277-1)

2020-08-20 00:00:00

fedora

[SECURITY] Fedora 32 Update: python39-3.9.0~b5-1.fc32

2020-07-30 18:57:22

[SECURITY] Fedora 31 Update: python39-3.9.0~b5-1.fc31

2020-07-30 19:09:04

[SECURITY] Fedora 31 Update: python38-3.8.5-1.fc31

2020-07-30 19:09:05

veracode

Denial Of Service (DoS)

2020-08-06 21:29:42

redhat

(RHSA-2021:0761) Moderate: python security update

2021-03-09 08:48:14

(RHSA-2021:0528) Moderate: python security update

2021-02-16 07:11:32

(RHSA-2021:0881) Moderate: python security update

2021-03-16 13:07:52

K78284681 : Python tarfile library vulnerability CVE-2019-20907

2021-06-01 00:00:00

prion

Input validation

2020-07-13 13:15:00

ibm

Security Bulletin: Publicly disclosed vulnerability from Python affects IBM Netezza Host Management

2020-11-10 10:59:11

Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2019-20907)

2023-08-17 17:52:34

Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2019-20907)

2023-08-15 17:37:56

osv

CVE-2019-20907

2020-07-13 13:15:10

Infinite loop in tarfile module while opening a crafted file

2020-07-13 00:00:00

python3.5 - security update

2020-11-18 00:00:00

centos

python, tkinter security update

2020-11-18 17:21:38

python3 security update

2020-11-18 17:23:37

alpinelinux

CVE-2019-20907

2020-07-13 13:15:00

cbl_mariner

CVE-2019-20907 affecting package python2 2.7.18-9

2020-11-30 19:30:47

CVE-2019-20907 affecting package python2 2.7.18-8

2022-04-09 06:51:57

CVE-2019-20907 affecting package python3 3.7.7-2

2021-07-08 21:56:42

amazon

Medium: python

2020-09-01 00:40:00

Medium: python27

2020-08-27 00:20:00

Medium: python3

2020-09-01 00:40:00

debiancve

CVE-2019-20907

2020-07-13 13:15:00

oraclelinux

python security update

2020-11-13 00:00:00

python3 security update

2020-11-13 00:00:00

python27:2.7 security update

2020-11-10 00:00:00

cve

CVE-2019-20907

2020-07-13 13:15:00

ubuntucve

CVE-2019-20907

2020-07-13 00:00:00

almalinux

Moderate: python27:2.7 security update

2020-11-03 12:24:08

Moderate: python3 security and bug fix update

2020-11-03 12:04:08

Moderate: python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

debian

[SECURITY] [DLA 2456-1] python3.5 security update

2020-11-19 03:44:14

[SECURITY] [DLA 2337-1] python2.7 security update

2020-08-22 14:48:43

[SECURITY] [DLA 3432-1] python2.7 security update

2023-05-24 17:31:47

gentoo

Python: Multiple vulnerabilities

2020-08-02 00:00:00

rocky

python27:2.7 security update

2020-11-03 12:24:08

python38:3.8 security, bug fix, and enhancement update

2020-11-03 12:23:02

rosalinux

Advisory ROSA-SA-2023-2202

2023-07-25 10:31:09

Advisory ROSA-SA-2023-2203

2023-08-01 12:58:39

Advisory ROSA-SA-2021-1957

2021-07-02 18:03:40

cloudfoundry

USN-4428-1: Python vulnerabilities | Cloud Foundry

2020-08-27 00:00:00

ubuntu

Python vulnerabilities

2020-07-22 00:00:00

Python vulnerabilities

2021-03-12 00:00:00

freebsd

Python -- multiple vulnerabilities

2020-08-19 00:00:00

archlinux

[ASA-202103-27] python2: multiple issues

2021-03-25 00:00:00

mageia

Updated python and python3 packages fix security vulnerabilities

2020-12-08 13:40:32

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0265

2020-07-28 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0309

2020-07-25 00:00:00

Important Photon OS Security Update - PHSA-2020-0309

2020-07-25 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for RH:CVE-2019-20907