system/python3: multiple vulnerabilities
| Field | Value |
| --- | --- |
| Bugzilla ID | 232 |
| Alias(es) | CVE-2019-18348, CVE-2019-20907, CVE-2019-20916, CVE-2019-9674, CVE-2020-14422, CVE-2020-26116, CVE-2020-27619, CVE-2020-8315, CVE-2020-8492 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-02-24 22:56:38 -0600 |
| Modified | 2020-12-03 23:22:57 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | system/python3 |
Description

CVE-2019-18348: https://nvd.nist.gov/vuln/detail/CVE-2019-18348

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)
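The NVD text above describes CR/LF reaching urlopen through a caller-controlled URL. As an added example (not part of this bug report, and not code from CPython or Adélie), the following defensive pre-check rejects any URL carrying an ASCII control character before it is handed to urllib.request.urlopen, which is the kind of guard application code needs while it still runs on an interpreter that predates the fix. The names `find_control_char`, `validate_url`, `is_safe_url` and `safe_urlopen` are hypothetical helpers chosen for this example; the sample URLs are constructed and are not sent anywhere.

```python
"""Added example: reject URLs with CR, LF or other ASCII control characters
before they reach urllib.request.urlopen (defensive check for
CVE-2019-18348-style CRLF injection on unpatched interpreters)."""
import re
import urllib.request
from urllib.parse import urlsplit

# Any ASCII control character (0x00-0x1F, 0x7F) has no legitimate place in a
# URL; CR and LF are what turn a host, path or query into injected headers.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def find_control_char(url: str):
    """Return (offset, char) of the first control character in the raw URL,
    or None when there is none.

    The raw string is inspected rather than the components returned by
    urlsplit(): newer CPython releases silently strip tab, CR and LF while
    splitting, so a check on the parsed parts would miss exactly the
    characters this guard exists to catch.
    """
    m = _CONTROL_CHARS.search(url)
    return (m.start(), m.group()) if m else None


def validate_url(url: str, allowed_schemes=("http", "https")) -> str:
    """Return url unchanged if it is clean; raise ValueError otherwise."""
    hit = find_control_char(url)
    if hit is not None:
        raise ValueError("control character %r at offset %d in URL"
                         % (hit[1], hit[0]))
    parts = urlsplit(url)
    if parts.scheme not in allowed_schemes:
        raise ValueError("scheme %r not allowed" % parts.scheme)
    if not parts.hostname:
        raise ValueError("URL has no host component")
    return url


def is_safe_url(url: str) -> bool:
    """Boolean form of validate_url() for callers that prefer not to catch."""
    try:
        validate_url(url)
    except ValueError:
        return False
    return True


def safe_urlopen(url: str, timeout: float = 10.0):
    """Hypothetical wrapper: validate first, then delegate to urlopen."""
    return urllib.request.urlopen(validate_url(url), timeout=timeout)


if __name__ == "__main__":
    # Constructed samples: one clean URL and one carrying CRLF in the host
    # component, as the NVD description puts it. Nothing is fetched here.
    for sample in ("http://example.com/index.html?q=1",
                   "http://example.com\r\nX-Injected: yes\r\n/"):
        verdict = "ok" if is_safe_url(sample) else "rejected"
        print(repr(sample), "->", verdict)
```

The check deliberately runs on the unparsed string and covers host, path and query alike, since the NVD entry points out that the same injection shape surfaced separately in the query string (CVE-2019-9740) and path (CVE-2019-9947); validating only one component would leave the others open.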

CVE-2020-8315: https://nvd.nist.gov/vuln/detail/CVE-2020-8315

In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.

CVE-2020-8492: https://nvd.nist.gov/vuln/detail/CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.