PT-2019-5716 · Python+10

Published: 2019-12-10 · Updated: 2026-05-18 · CVE-2019-20907

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Python versions through 3.8.3

Description: The issue is in the _proc_pax function in Lib/tarfile.py, which lacks proper header validation. An attacker can craft a TAR archive that causes an infinite loop when it is opened with tarfile.open, leading to a denial of service. The estimated number of potentially affected devices is not specified.

Recommendations: For versions through 3.8.3, consider disabling the tarfile.open function until a patch is available, or restrict the use of TAR archives to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Untrusted Search Path

Infinite Loop

RCE


Weakness Enumeration

Related Identifiers

ALSA-2020:4641
ALSA-2020:4654
ALT-PU-2020-2445
ALT-PU-2020-3395
ALT-PU-2021-1234
ALT-PU-2021-2653
ALT-PU-2024-3474
AZL-6825
BDU:2021-00726
BDU:2024-09146
CESA-2020_4433
CESA-2020_4641
CESA-2020_4654
CESA-2020_5009
CESA-2020_5010
CLEANSTART-2026-BM51903
CLEANSTART-2026-SY44974
CVE-2019-20907
DLA-2337-1
DLA-2456-1
DLA-3432-1
MGASA-2020-0451
OPENSUSE-SU-2020:1254-1
OPENSUSE-SU-2020:1257-1
OPENSUSE-SU-2020:1258-1
OPENSUSE-SU-2020:1265-1
OPENSUSE-SU-2020:2332-1
OPENSUSE-SU-2020:2333-1
OPENSUSE-SU-2024:11283-1
OPENSUSE-SU-2024:11284-1
OPENSUSE-SU-2024:11285-1
OPENSUSE-SU-2024:11286-1
OPENSUSE-SU-2024:11551-1
OPENSUSE-SU-2024:12089-1
OPENSUSE-SU-2024:12910-1
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2025:15713-1
PSF-2020-2
RHSA-2020:4273
RHSA-2020:4285
RHSA-2020:4299
RHSA-2020:4433
RHSA-2020:4641
RHSA-2020:4654
RHSA-2020:5009
RHSA-2020:5010
RHSA-2021:0528
RHSA-2021:0761
RHSA-2021:0881
RLSA-2020:4641
RLSA-2020:4654
ROSA-SA-2023-2202
ROSA-SA-2023-2203
ROSA-SA-2025-2646
SUSE-FU-2022:0444-1
SUSE-FU-2022:0445-1
SUSE-SU-2020:2216-1
SUSE-SU-2020:2275-1
SUSE-SU-2020:2276-1
SUSE-SU-2020:2277-1
SUSE-SU-2020:2699-1
SUSE-SU-2020:3563-1
SUSE-SU-2020:3930-1
SUSE-SU-2025:20025-1
SUSE-SU-2025:20154-1
SUSE-SU-2025:20492-1
USN-4428-1
USN-4754-3
USN-6891-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Python
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu