CVE-2022-0391

Note

for python2.7 code affected, urlsplit is in Lib/urlparse.py.
according with Debian, the fix for python3.5 causes regressions.

Package	Release	Status
python2.7 Launchpad, Ubuntu, Debian	bionic	Released (2.7.17-1~18.04ubuntu1.7)
	focal	Released (2.7.18-1~20.04.3+esm1) Available with Ubuntu Pro
	impish	Ignored (end of life)
	jammy	Released (2.7.18-13ubuntu1.1+esm2) Available with Ubuntu Pro
	kinetic	Ignored (end of life, was needed)
	lunar	Does not exist
	mantic	Does not exist
	trusty	Released (2.7.6-8ubuntu0.6+esm12) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Needs triage
	xenial	Released (2.7.12-1ubuntu0~16.04.18+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
python3.10 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	impish	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	lunar	Does not exist
	mantic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
python3.4 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Released (3.4.3-1ubuntu1~14.04.7+esm12) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Needs triage
	xenial	Does not exist
python3.5 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Needs triage
	upstream	Needs triage
	xenial	Released (3.5.2-2ubuntu0~16.04.13+esm2) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
python3.6 Launchpad, Ubuntu, Debian	bionic	Released (3.6.9-1~18.04ubuntu1.7)
	focal	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	Patches: upstream: https://github.com/python/cpython/commit/6c472d3a1d334d4eeb4a25eba7bf3b01611bf667
python3.7 Launchpad, Ubuntu, Debian	bionic	Needed
	focal	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	Patches: upstream: https://github.com/python/cpython/commit/f4dac7ec55477a6c5d965e594e74bd6bda786903
python3.8 Launchpad, Ubuntu, Debian	bionic	Needed
	focal	Released (3.8.10-0ubuntu1~20.04.4)
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	Patches: upstream: https://github.com/python/cpython/pull/25726/commits/56cdbe0a2cb396932aa0de14eb0b70c9a0686631
python3.9 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Not vulnerable (3.9.7-1)
	impish	Not vulnerable (3.9.7-2build1)
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	trusty	Ignored (end of standard support)
	upstream	Released (3.9.7-1)
	xenial	Ignored (end of standard support)
	Patches: upstream: https://github.com/python/cpython/pull/25853/commits/7a4406034750d0fe1f9b3bf2e020c7b7a6936066

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2022-0391

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading