CVE-2019-18348

Severity: medium

Description

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.) This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.
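As an added defensive example (not from the advisory, and not CPython's own patch): a pre-flight validator that rejects a URL carrying control characters or a host outside an allow-list before it ever reaches urlopen(), plus a check of an interpreter version against the fixed releases listed above. The names check_url and interpreter_is_fixed and the host allow-list are this example's assumptions.

```python
import re
from typing import Tuple
from urllib.parse import urlsplit

# ASCII control characters (0x00-0x1F and DEL). CR and LF end an HTTP header
# line, which is what CVE-2019-18348 abuses when they sit in the host part.
_CONTROL = re.compile(r'[\x00-\x1f\x7f]')

# Allow-list for host[:port]: RFC 3986 reg-name characters or a bracketed
# IPv6 literal, plus an optional numeric port. This policy is an assumption
# of this example, not CPython's own check.
_NETLOC_OK = re.compile(r'^(?:[A-Za-z0-9.\-_~%]+|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?$')

# First patch release per minor branch that carries the fix, taken from the
# advisory text above.
_FIRST_FIXED = {(2, 7): 18, (3, 5): 10, (3, 6): 11, (3, 7): 8, (3, 8): 3}


def check_url(url: str) -> Tuple[bool, str]:
    """Pre-flight check for an attacker-influenced URL; returns (ok, reason).

    The raw string is inspected before parsing: newer urlsplit() releases
    silently strip CR, LF and TAB, which would hide exactly the bytes
    this check exists to catch.
    """
    if _CONTROL.search(url):
        return False, "control character in URL"
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "unsupported scheme %r" % parts.scheme
    if "@" in parts.netloc:
        return False, "userinfo not allowed in host"
    if not _NETLOC_OK.match(parts.netloc):
        return False, "host outside allow-list"
    return True, "ok"


def interpreter_is_fixed(version_info) -> bool:
    """True if a (major, minor, micro) tuple names a release with the fix."""
    major, minor, micro = version_info[:3]
    if (major, minor) in _FIRST_FIXED:
        return micro >= _FIRST_FIXED[(major, minor)]
    # Unlisted branches: 3.9+ were cut after the fix landed (assumption);
    # anything older than the listed branches is end-of-life and unpatched.
    return (major, minor) > (3, 8)
```

Call interpreter_is_fixed(sys.version_info) on each host in an inventory to flag interpreters that still need the update.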

References

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html

https://bugs.python.org/issue30458#msg347282

https://bugzilla.redhat.com/show_bug.cgi?id=1727276

https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/

https://lists.fedoraproject.org/archives/list/[email protected]/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/

https://lists.fedoraproject.org/archives/list/[email protected]/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/

https://lists.fedoraproject.org/archives/list/[email protected]/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/

https://lists.fedoraproject.org/archives/list/[email protected]/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/

https://security.netapp.com/advisory/ntap-20191107-0004/

https://usn.ubuntu.com/4333-1/

https://usn.ubuntu.com/4333-2/

https://www.oracle.com/security-alerts/cpuoct2020.html

Details

Source: MITRE

Published: 2019-10-23

Updated: 2020-11-16

Type: CWE-74

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins (30 total)

ID | Name | Product | Family | Severity
147849 | SUSE SLES12 Security Update : python (SUSE-SU-2021:0794-1) | Nessus | SuSE Local Security Checks | medium
145389 | openSUSE Security Update : python3 (openSUSE-2020-2333) | Nessus | SuSE Local Security Checks | critical
145326 | openSUSE Security Update : python3 (openSUSE-2020-2332) | Nessus | SuSE Local Security Checks | critical
144586 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3930-1) | Nessus | SuSE Local Security Checks | critical
144443 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3865-1) | Nessus | SuSE Local Security Checks | critical
143646 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3563-1) | Nessus | SuSE Local Security Checks | high
140678 | FreeBSD : Python -- multiple vulnerabilities (2cb21232-fb32-11ea-a929-a4bf014bf5f7) | Nessus | FreeBSD Local Security Checks | high
140089 | Amazon Linux AMI : python34 (ALAS-2020-1429) | Nessus | Amazon Linux Local Security Checks | medium
140087 | Amazon Linux AMI : python36 (ALAS-2020-1428) | Nessus | Amazon Linux Local Security Checks | medium
138529 | Debian DLA-2280-1 : python3.5 security update | Nessus | Debian Local Security Checks | critical
138368 | Fedora 31 : python36 (2020-ea5bdbcc90) | Nessus | Fedora Local Security Checks | medium
138125 | FreeBSD : Python -- multiple vulnerabilities (33c05d57-bf6e-11ea-ba1e-0800273f78d3) | Nessus | FreeBSD Local Security Checks | medium
138114 | Fedora 32 : python36 (2020-8bdd3fd7a4) | Nessus | Fedora Local Security Checks | medium
137877 | Photon OS 1.0: Python3 PHSA-2020-1.0-0304 | Nessus | PhotonOS Local Security Checks | medium
137580 | SUSE SLES12 Security Update : python (SUSE-SU-2020:1524-1) | Nessus | SuSE Local Security Checks | medium
136884 | openSUSE Security Update : python (openSUSE-2020-696) | Nessus | SuSE Local Security Checks | medium
136798 | SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:1339-1) | Nessus | SuSE Local Security Checks | medium
136443 | FreeBSD : Python -- CRLF injection via the host part of the url passed to urlopen() (ca595a25-91d8-11ea-b470-080027846a02) | Nessus | FreeBSD Local Security Checks | medium
136281 | Ubuntu 20.04 : Python vulnerabilities (USN-4333-2) | Nessus | Ubuntu Local Security Checks | medium
135894 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : Python vulnerabilities (USN-4333-1) | Nessus | Ubuntu Local Security Checks | medium
135487 | Photon OS 1.0: Python2 PHSA-2020-1.0-0287 | Nessus | PhotonOS Local Security Checks | medium
135405 | Photon OS 3.0: Python3 PHSA-2020-3.0-0073 | Nessus | PhotonOS Local Security Checks | medium
135404 | Photon OS 3.0: Python2 PHSA-2020-3.0-0073 | Nessus | PhotonOS Local Security Checks | medium
135309 | Photon OS 2.0: Python3 PHSA-2020-2.0-0223 | Nessus | PhotonOS Local Security Checks | medium
135308 | Photon OS 2.0: Python2 PHSA-2020-2.0-0223 | Nessus | PhotonOS Local Security Checks | medium
135197 | SUSE SLES12 Security Update : python3 (SUSE-SU-2020:0854-1) | Nessus | SuSE Local Security Checks | medium
134853 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0750-1) | Nessus | SuSE Local Security Checks | medium
130797 | Fedora 29 : python35 (2019-d202cda4f8) | Nessus | Fedora Local Security Checks | critical
130793 | Fedora 30 : python35 (2019-b06ec6159b) | Nessus | Fedora Local Security Checks | critical
130784 | Fedora 31 : python35 (2019-57462fa10d) | Nessus | Fedora Local Security Checks | critical