what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2020-26116

Status Candidate

Overview

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Related Files

Ubuntu Security Notice USN-4754-3
Posted Mar 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4754-3 - USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. In the case of Python 2.7 for 20.04 ESM, these additional fixes are included: It was discovered that Python allowed remote attackers to cause a denial of service via a ZIP bomb. It was discovered that Python had potentially misleading information about whether sorting occurs. This fix updates the documentation about it. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2019-17514, CVE-2019-20907, CVE-2019-9674, CVE-2020-26116, CVE-2020-27619, CVE-2020-8492
MD5 | 67d5415d4b4e952d651e9fc905a209c3
Gentoo Linux Security Advisory 202101-18
Posted Jan 25, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202101-18 - Multiple vulnerabilities have been found in Python, the worst of which could result in the arbitrary execution of code. Versions less than 2.7.18-r6:2.7 are affected.

tags | advisory, arbitrary, vulnerability, python
systems | linux, gentoo
advisories | CVE-2020-26116, CVE-2021-3177
MD5 | 89a248016035f11533fe205791880204
Red Hat Security Advisory 2020-4299-01
Posted Oct 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4299-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include crlf injection, denial of service, and double free vulnerabilities.

tags | advisory, denial of service, vulnerability, python
systems | linux, redhat
advisories | CVE-2019-18874, CVE-2019-20907, CVE-2020-14422, CVE-2020-26116, CVE-2020-26137
MD5 | 89a9cb754fbb97802d7fe82be6995570
Red Hat Security Advisory 2020-4273-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4273-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include crlf injection and traversal vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2019-18348, CVE-2019-20907, CVE-2019-20916, CVE-2020-26116
MD5 | 72d8c356c9cc0a19caa3b0627e759faf
Red Hat Security Advisory 2020-4285-01
Posted Oct 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4285-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include crlf injection, cross site scripting, denial of service, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, python
systems | linux, redhat
advisories | CVE-2019-16935, CVE-2019-18348, CVE-2019-20907, CVE-2019-20916, CVE-2020-14422, CVE-2020-26116, CVE-2020-8492
MD5 | 6bbb5941e3c53ce867479fb49b113d8d
Ubuntu Security Notice USN-4581-1
Posted Oct 14, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4581-1 - It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.

tags | advisory, remote, python
systems | linux, ubuntu
advisories | CVE-2020-26116
MD5 | d903afd0dba27fdfc0f4fd0f7a1735b8
Page 1 of 1
Back1Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    26 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    2 Files
  • 9
    May 9th
    2 Files
  • 10
    May 10th
    13 Files
  • 11
    May 11th
    17 Files
  • 12
    May 12th
    22 Files
  • 13
    May 13th
    11 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close