CVE-2019-16056

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-16056

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16056.json

Aliases

PSF-2019-5

Related

Published

2019-09-06T18:15:15Z

Modified

2023-11-29T07:14:58.933758Z

Details

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

References

Affected packages

Alpine:v3.10 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.7.5-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

3.6.7-r3

3.6.8-r3

3.7.2-r3

3.7.3-r3

3.7.4-r3

Alpine:v3.11 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.16-r3

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

2.7.15-r8

Alpine:v3.11 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.7.5-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

3.6.7-r3

3.6.8-r3

3.7.2-r3

3.7.3-r3

3.7.4-r3

Alpine:v3.12 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.16-r3

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

2.7.15-r8

Alpine:v3.12 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.7.5-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

3.6.7-r3

3.6.8-r3

3.7.2-r3

3.7.3-r3

3.7.4-r3

Alpine:v3.13 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.7.5-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

3.6.7-r3

3.6.8-r3

3.7.2-r3

3.7.3-r3

3.7.4-r3

Alpine:v3.14 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.7.5-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

3.6.7-r3

3.6.8-r3

3.7.2-r3

3.7.3-r3

3.7.4-r3

Alpine:v3.15 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.7.5-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

3.6.7-r3

3.6.8-r3

3.7.2-r3

3.7.3-r3

3.7.4-r3

Alpine:v3.16 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.7.5-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

3.6.7-r3

3.6.8-r3

3.7.2-r3

3.7.3-r3

3.7.4-r3

Alpine:v3.17 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.7.5-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

3.6.7-r3

3.6.8-r3

3.7.2-r3

3.7.3-r3

3.7.4-r3

Alpine:v3.18 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.7.5-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

3.6.7-r3

3.6.8-r3

3.7.2-r3

3.7.3-r3

3.7.4-r3

Alpine:v3.7 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.8-r1

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.5-r3

Alpine:v3.8 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.8-r1

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

Alpine:v3.9 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.9-r1

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

3.6.7-r3

3.6.8-r3

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Fixed

8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9

Introduced

2e789a1f1d84b343a996e8654590703b5fbdd441

Introduced

5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12

Introduced

1bf9cc509326bc42cd8cb1650eb9bf64550d817e

Introduced

e054f452bd9118def58c18aa295662c9845e1c89

Introduced

3101b7076270756f8be699358c69c5d15ea2cc48

Affected versions

3.*

3.2

v3.*

v3.4.4

v3.4.4rc1

v3.4.5

v3.4.5rc1

v3.4.6

v3.4.6rc1

v3.5.0

v3.5.1

v3.5.1rc1

v3.5.2

v3.5.2rc1

v3.5.3

v3.5.3rc1

v3.6.0

v3.6.0a1

v3.6.0a2

v3.6.0a3

v3.6.0a4

v3.6.0b1

v3.6.0b2

v3.6.0b3

v3.6.0b4

v3.6.0rc1

v3.6.0rc2

v3.7.0a1

v3.7.0a2

v3.7.0a3

v3.7.0a4

v3.8.0a1

v3.8.0a2

v3.8.0a3

v3.8.0a4

v3.8.0b1