In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
07 Nov 2023, 03:09
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
24 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Apr 2022, 18:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* | |
CWE | CWE-835 | |
First Time |
Oracle
Oracle zfs Storage Appliance Kit |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/ - Mailing List, Third Party Advisory |
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-07-13 13:15
Updated : 2023-12-10 13:27
NVD link : CVE-2019-20907
Mitre link : CVE-2019-20907
CVE.ORG link : CVE-2019-20907
JSON object : View
Products Affected
oracle
- zfs_storage_appliance_kit
python
- python
opensuse
- leap
netapp
- active_iq_unified_manager
- cloud_volumes_ontap_mediator
debian
- debian_linux
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')