CVE-2019-20907

Published: Jul 13, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2020-dfb11916cc

vendor-advisory

FEDORA-2020-e9251de272

vendor-advisory

USN-4428-1

vendor-advisory

FEDORA-2020-c3b07cc5c9

vendor-advisory

FEDORA-2020-aab24d3714

vendor-advisory

FEDORA-2020-bb919e575e

vendor-advisory

FEDORA-2020-97d775e649

vendor-advisory

GLSA-202008-01

vendor-advisory

FEDORA-2020-826b24c329

vendor-advisory

FEDORA-2020-1ddd5273d6

vendor-advisory

FEDORA-2020-87c0a0a52d

vendor-advisory

FEDORA-2020-efb908b6a8

vendor-advisory

FEDORA-2020-d808fdd597

vendor-advisory

FEDORA-2020-982b2950db

vendor-advisory

FEDORA-2020-c539babb0a

vendor-advisory

[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update

mailing-list

openSUSE-SU-2020:1254

vendor-advisory

openSUSE-SU-2020:1257

vendor-advisory

openSUSE-SU-2020:1258

vendor-advisory

openSUSE-SU-2020:1265

vendor-advisory

FEDORA-2020-d30881c970

vendor-advisory

[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update

mailing-list

https://www.oracle.com/security-alerts/cpujan2021.html

https://bugs.python.org/issue39017

https://github.com/python/cpython/pull/21454

https://security.netapp.com/advisory/ntap-20200731-0002/

[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-20907

Description

Affected Products

References