漏洞信息详情
Python 输入验证错误漏洞
- CNNVD编号:CNNVD-202007-558 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2019-20907
- 漏洞类型: 输入验证错误
- 发布时间: 2020-07-13
- 威胁类型: 远程
- 更新时间: 2021-12-01
- 厂 商:
- 漏洞来源: Red Hat
-
漏洞简介
Python是Python基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。
Python 3.8.3及之前版本中的Lib/tarfile.py文件存在输入验证错误漏洞,该漏洞源于_proc_pax缺少标头验证。攻击者可借助TAR归档文件利用该漏洞导致无限循环。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://bugs.python.org/issue39017
参考网址
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/YSL3XWVDMSMKO23HR74AJQ6VEM3C2NTS/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00053.html
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00052.html
来源:CONFIRM
链接:https://github.com/python/cpython/pull/21454
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00056.html
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/
来源:MISC
链接:https://www.oracle.com/security-alerts/cpujan2021.html
来源:GENTOO
链接:https://security.gentoo.org/glsa/202008-01
来源:UBUNTU
链接:https://usn.ubuntu.com/4428-1/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/PDKKRXLNVXRF6VGERZSR3OMQR5D5QI6I/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/TOGKLGTXZLHQQFBVCAPSUDA6DOOJFNRY/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/CAXHCY4V3LPAAJOBCJ26ISZ4NUXQXTUZ/
来源:CONFIRM
链接:https://bugs.python.org/issue39017
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20200731-0002/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/161536/Red-Hat-Security-Advisory-2020-5635-01.html
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-python-cve-2019-20907/
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021052216
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.4179/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1885
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1727
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1207
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2796/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159811/Red-Hat-Security-Advisory-2020-4433-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3591/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158705/Gentoo-Linux-Security-Advisory-202008-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3212/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158524/Ubuntu-Security-Notice-USN-4428-1.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3995/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0927
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3887/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.4237/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-python3-affect-ibm-cloud-pak-for-multicloud-management-hybrid-grc/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.4100/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0844
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6520474
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0691
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.4407/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/162694/Red-Hat-Security-Advisory-2021-2021-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0099/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-python-affects-ibm-netezza-host-management/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/160889/Red-Hat-Security-Advisory-2021-0050-01.html
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Python-overload-via-TAR-File-32888
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/162130/Red-Hat-Security-Advisory-2021-1129-01.html
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-20907
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3614/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/160125/Red-Hat-Security-Advisory-2020-5149-01.html
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-3/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/161698/Red-Hat-Security-Advisory-2021-0761-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/160207/Red-Hat-Security-Advisory-2020-5118-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.3828/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159655/Red-Hat-Security-Advisory-2020-4299-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2871/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159650/Red-Hat-Security-Advisory-2020-4273-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0899
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/161767/Ubuntu-Security-Notice-USN-4754-3.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.4513/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/159983/Red-Hat-Security-Advisory-2020-5009-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0234/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0584
来源:www.nsfocus.net
链接:http://www.nsfocus.net/vulndb/48185
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1193
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/160551/Red-Hat-Security-Advisory-2020-5359-01.html
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021060206
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0864
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0986
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2604
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2511/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.0013/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/161424/Red-Hat-Security-Advisory-2021-0528-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/161916/Red-Hat-Security-Advisory-2021-0949-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/162142/Red-Hat-Security-Advisory-2021-1079-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/161838/Red-Hat-Security-Advisory-2021-0881-01.html
受影响实体
暂无
补丁
暂无
还没有评论,来说两句吧...