Improper Input Validation in python2.7

Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Improper Input Validation. In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Remediation

Upgrade python2.7 to version or higher.

References

ADVISORY
ADVISORY
CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
GENTOO
MISC
MLIST
MLIST
SUSE
SUSE
SUSE
SUSE
UBUNTU

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2019-20907
CWE: CWE-20
Snyk ID: SNYK-UBUNTU1604-PYTHON27-589941
Disclosed: 13 Jul, 2020
Published: 14 Jul, 2020

Improper Input Validation
Affecting python2.7 package, versions <2.7.12-1ubuntu0~16.04.12

Overview

Remediation

References

CVSS Score

Improper Input Validation Affecting python2.7 package, versions <2.7.12-1ubuntu0~16.04.12

Overview

Remediation

References

Improper Input Validation
Affecting python2.7 package, versions <2.7.12-1ubuntu0~16.04.12