CVE-2019-20907 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Denial of service |
| Description | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1597 | python2 | 2.7.18-2 | 2.7.18-3 | High | Fixed | FS#68063 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 25 Mar 2021 | ASA-202103-27 | AVG-1597 | python2 | High | multiple issues |
| References |
|---|
https://bugs.python.org/issue39017 https://github.com/python/cpython/pull/21454 https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 |