CVE-2019-18348 Information

Feb 14, 2021 cve

Description

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18 v2.7.18rc1; v3.5.10 v3.5.10rc1; v3.6.11 v3.6.11rc1 v3.6.12; v3.7.8 v3.7.8rc1 v3.7.9; v3.8.3 v3.8.3rc1 v3.8.4 v3.8.4rc1 v3.8.5 v3.8.6 v3.8.6rc1.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html https://bugs.python.org/issue30458msg347282 https://bugzilla.redhat.com/show_bug.cgi?id=1727276 https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/ https://security.netapp.com/advisory/ntap-20191107-0004/ https://usn.ubuntu.com/4333-1/ https://usn.ubuntu.com/4333-2/ https://www.oracle.com/security-alerts/cpuoct2020.html An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18 v2.7.18rc1; v3.5.10 v3.5.10rc1; v3.6.11 v3.6.11rc1 v3.6.12; v3.7.8 v3.7.8rc1 v3.7.9; v3.8.3 v3.8.3rc1 v3.8.4 v3.8.4rc1 v3.8.5 v3.8.6 v3.8.6rc1.

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1

Share on: