CVE-2019-16056

Published: Sep 6, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

Affected (28)

Products: Python: Python · Fedoraproject: Fedora · Debian: Debian Linux · +4 more

Show all products

Python: Python · Fedoraproject: Fedora · Debian: Debian Linux · Canonical: Ubuntu Linux · Redhat: Software Collections · Oracle: Communications Operations Monitor, Peoplesoft Enterprise Peopletools, Solaris, Zfs Storage Appliance Kit · Opensuse: Leap

1 product

1 product

1 product

1 product

1 product

4 products

Communications Operations Monitor

Peoplesoft Enterprise Peopletools

Solaris

Zfs Storage Appliance Kit

Opensuse

1 product

Leap

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Python Python	Up to 2.7.16
Python Python	From 3.0.0 to 3.0.1
Python Python	From 3.1.0 to 3.1.5
Python Python	From 3.2.0 to 3.2.6
Python Python	From 3.3.0 to 3.3.7
Python Python	From 3.4.0 to 3.4.10
Python Python	From 3.5.0 to 3.5.7
Python Python	From 3.6.0 to 3.6.9
Python Python	From 3.7.0 to 3.7.4

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Software Collections	Version 1.0

Configuration F

6 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Operations Monitor	From 4.1 to 4.3
Oracle Communications Operations Monitor	Version 3.4
Oracle Peoplesoft Enterprise Peopletools	Version 8.57
Oracle Peoplesoft Enterprise Peopletools	Version 8.58
Oracle Solaris	Version 11
Oracle Zfs Storage Appliance Kit	Version 8.8

Configuration G

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1

References (68)

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3725

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3948

Source: cve@mitre.org

Third Party Advisory

https://bugs.python.org/issue34155

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9

Source: cve@mitre.org

Patch

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QASRD4E2G65GGEHYKVHYCXB2XWAGTNL4/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QP46PQSUKYPGWTADQ67NOV3BUN6JM34Z/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDQQ56P7ZZR64XV5DUVWNSNXKKEXUG2J/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20190926-0005/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4151-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4151-2/

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: cve@mitre.org

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: cve@mitre.org

PatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html