CVE-2019-16056
06.09.2019, 18:15
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
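A defensive check for applications that gate on From/To addresses, written so that the decision is the same on fixed and affected interpreters. This is an added example, not code from the advisory or from CPython; the allow-list, the function names and the sample header values are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list for the example (assumption, not from the advisory).
ALLOWED_DOMAINS = {"important.example"}


def strict_addr_spec(header_value):
    """Return the single addr-spec in a From/To value, or None if ambiguous."""
    _name, addr = parseaddr(header_value)
    # Fixed interpreters return an empty address for input with several '@'.
    if not addr or addr.count("@") != 1:
        return None
    # Affected interpreters can return only part of the input. Require that
    # the parsed address is the whole value, or the whole <...> part at its
    # end. This deliberately also rejects legal but unusual forms such as
    # "user@host (comment)".
    raw = header_value.strip()
    if raw != addr and not raw.endswith("<" + addr + ">"):
        return None
    local, domain = addr.split("@")
    if not local or not domain:
        return None
    return addr


def sender_allowed(header_value, allowed=ALLOWED_DOMAINS):
    """Allow-list decision made only on the strictly validated address."""
    addr = strict_addr_spec(header_value)
    if addr is None:
        return False
    return addr.split("@")[1].lower() in allowed


# Constructed sample header values.
SAMPLES = [
    "alice@important.example",
    "Alice <alice@important.example>",
    "mallory@malicious.example",
    "a@malicious.example@important.example",
    "Mallory <a@malicious.example@important.example>",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:55} -> {sender_allowed(value)}")
```

The same address that passes the check should be the one handed to the mail transport, so that validation and delivery cannot disagree.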
| Vendor | Product | Version |
|---|---|---|
| python | python | 𝑥 ≤ 2.7.16 |
| python | python | 3.0.0 ≤ 𝑥 ≤ 3.0.1 |
| python | python | 3.1.0 ≤ 𝑥 ≤ 3.1.5 |
| python | python | 3.2.0 ≤ 𝑥 ≤ 3.2.6 |
| python | python | 3.3.0 ≤ 𝑥 ≤ 3.3.7 |
| python | python | 3.4.0 ≤ 𝑥 ≤ 3.4.10 |
| python | python | 3.5.0 ≤ 𝑥 ≤ 3.5.7 |
| python | python | 3.6.0 ≤ 𝑥 ≤ 3.6.9 |
| python | python | 3.7.0 ≤ 𝑥 ≤ 3.7.4 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
| redhat | software_collections | 1.0 |
| oracle | communications_operations_monitor | 4.1 ≤ 𝑥 ≤ 4.3 |
| oracle | communications_operations_monitor | 3.4 |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| oracle | zfs_storage_appliance_kit | 8.8 |
| opensuse | leap | 15.0 |
| opensuse | leap | 15.1 |
𝑥 = Vulnerable software versions
Ubuntu Releases
| Ubuntu Product |
|---|
| python2.7 |
| python3.4 |
| python3.5 |
| python3.6 |
| python3.7 |
References