CVE - CVE-2019-16056

CVE-ID
CVE-2019-16056	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://security.netapp.com/advisory/ntap-20190926-0005/ URL:https://security.netapp.com/advisory/ntap-20190926-0005/ FEDORA:FEDORA-2019-0d3fcae639 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/ FEDORA:FEDORA-2019-232f092db0 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QP46PQSUKYPGWTADQ67NOV3BUN6JM34Z/ FEDORA:FEDORA-2019-2b1f72899a URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/ FEDORA:FEDORA-2019-4954d8773c URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/ FEDORA:FEDORA-2019-50772cf122 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/ FEDORA:FEDORA-2019-57462fa10d URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/ FEDORA:FEDORA-2019-5dc275c9f2 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/ FEDORA:FEDORA-2019-74ba24605e URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/ FEDORA:FEDORA-2019-758824a3ff URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/ FEDORA:FEDORA-2019-7ec5bb5d22 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/ FEDORA:FEDORA-2019-986622833f URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QASRD4E2G65GGEHYKVHYCXB2XWAGTNL4/ FEDORA:FEDORA-2019-a268ba7b23 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/ FEDORA:FEDORA-2019-aba3cca74a URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDQQ56P7ZZR64XV5DUVWNSNXKKEXUG2J/ FEDORA:FEDORA-2019-b06ec6159b URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/ FEDORA:FEDORA-2019-d202cda4f8 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/ MISC:https://bugs.python.org/issue34155 URL:https://bugs.python.org/issue34155 MISC:https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 URL:https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 MISC:https://www.oracle.com/security-alerts/cpuapr2020.html URL:https://www.oracle.com/security-alerts/cpuapr2020.html MISC:https://www.oracle.com/security-alerts/cpujul2020.html URL:https://www.oracle.com/security-alerts/cpujul2020.html MLIST:[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image URL:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E MLIST:[debian-lts-announce] 20190916 [SECURITY] [DLA 1924-1] python3.4 security update URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html MLIST:[debian-lts-announce] 20190916 [SECURITY] [DLA 1925-1] python2.7 security update URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html MLIST:[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html MLIST:[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update URL:https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html REDHAT:RHSA-2019:3725 URL:https://access.redhat.com/errata/RHSA-2019:3725 REDHAT:RHSA-2019:3948 URL:https://access.redhat.com/errata/RHSA-2019:3948 SUSE:openSUSE-SU-2019:2389 URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html SUSE:openSUSE-SU-2019:2393 URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html SUSE:openSUSE-SU-2019:2438 URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html SUSE:openSUSE-SU-2019:2453 URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html SUSE:openSUSE-SU-2020:0086 URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html UBUNTU:USN-4151-1 URL:https://usn.ubuntu.com/4151-1/ UBUNTU:USN-4151-2 URL:https://usn.ubuntu.com/4151-2/
Assigning CNA
MITRE Corporation
Date Record Created
20190906	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190906)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)