CVE-2019-18348

Priority
Description
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib
in Python 3.x through 3.8.0. CRLF injection is possible if the attacker
controls a url parameter, as demonstrated by the first argument to
urllib.request.urlopen with \r\n (specifically in the host component of a
URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query
string issue and the CVE-2019-9947 path string issue. (This is not
exploitable when glibc has CVE-2016-10739 fixed.)
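
As an added example (not part of this tracker entry and not CPython code), a Python 3 pre-flight check that a caller can apply to an untrusted URL string before handing it to urllib.request.urlopen. It rejects control characters anywhere in the URL and restricts the host component. The names validate_url, safe_urlopen and UnsafeURL and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit
from urllib.request import urlopen

# ASCII control characters (CR and LF included), space and DEL.
_UNSAFE = re.compile(r"[\x00-\x20\x7f]")
# Conservative host grammar: DNS name or IPv4 literal, or an IPv6 literal
# (urlsplit().hostname returns it lowercased and without brackets).
_HOST_OK = re.compile(r"^(?:[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?|[0-9a-f:.]+)$")


class UnsafeURL(ValueError):
    """Raised when a URL must not be passed to urlopen()."""


def validate_url(url, allowed_schemes=("http", "https")):
    """Return url unchanged if it passes the checks, else raise UnsafeURL."""
    # Inspect the raw string first: some urlsplit() versions silently strip
    # tab, CR and LF, which would hide the injected bytes from later checks.
    bad = _UNSAFE.search(url)
    if bad:
        raise UnsafeURL("control character or space at offset %d" % bad.start())
    try:
        parts = urlsplit(url)
        host, _port = parts.hostname, parts.port  # .port validates the port
    except ValueError as exc:
        raise UnsafeURL("unparsable authority: %s" % exc)
    if parts.scheme not in allowed_schemes:
        raise UnsafeURL("scheme not allowed: %r" % parts.scheme)
    if not host or not _HOST_OK.match(host):
        raise UnsafeURL("host rejected: %r" % host)
    return url


def safe_urlopen(url, **kwargs):
    """Hypothetical wrapper: validate first, then call the real urlopen()."""
    return urlopen(validate_url(url), **kwargs)


if __name__ == "__main__":
    # Constructed inputs: one ordinary URL, one with CRLF in the host component.
    for candidate in ("http://example.com/path?q=1",
                      "http://127.0.0.1\r\nX-Injected: 1\r\n:8080/"):
        try:
            print("ok      ", repr(validate_url(candidate)))
        except UnsafeURL as err:
            print("rejected", repr(candidate), "-", err)
```

The check is deliberately strict: a URL containing a literal space is rejected, so callers must percent-encode path and query values before validation.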
Notes
mdeslaur: as of 2020-01-06, there is no upstream fix for this issue
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):deferred (2020-01-06)
Ubuntu 14.04 ESM (Trusty Tahr):deferred (2020-01-06)
Ubuntu 16.04 LTS (Xenial Xerus):deferred (2020-01-06)
Ubuntu 18.04 LTS (Bionic Beaver):deferred (2020-01-06)
Ubuntu 19.04 (Disco Dingo):ignored (reached end-of-life)
Ubuntu 19.10 (Eoan Ermine):deferred (2020-01-06)
Ubuntu 20.04 (Focal Fossa):deferred (2020-01-06)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):deferred (2020-01-06)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):deferred (2020-01-06)
Ubuntu 16.04 LTS (Xenial Xerus):deferred (2020-01-06)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):deferred (2020-01-06)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):deferred (2020-01-06)
Ubuntu 19.04 (Disco Dingo):ignored (reached end-of-life)
Ubuntu 19.10 (Eoan Ermine):deferred (2020-01-06)
Ubuntu 20.04 (Focal Fossa):deferred (2020-01-06)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):deferred (2020-01-06)
Ubuntu 19.04 (Disco Dingo):ignored (reached end-of-life)
Ubuntu 19.10 (Eoan Ermine):deferred (2020-01-06)
Ubuntu 20.04 (Focal Fossa):deferred (2020-01-06)
More Information

Updated: 2020-01-23 20:49:18 UTC (commit b4629892d998f2ede31f59bb7508dc50a92ac664)