CVE-2019-16056

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

Affected Software

Name	Vendor	Start Version	End Version
Python	Python	*	2.7.16 (including)
Python	Python	3.0.0 (including)	3.0.1 (including)
Python	Python	3.1.0 (including)	3.1.5 (including)
Python	Python	3.2.0 (including)	3.2.6 (including)
Python	Python	3.3.0 (including)	3.3.7 (including)
Python	Python	3.4.0 (including)	3.4.10 (including)
Python	Python	3.5.0 (including)	3.5.7 (including)
Python	Python	3.6.0 (including)	3.6.9 (including)
Python	Python	3.7.0 (including)	3.7.4 (including)
Red Hat Ansible Tower 3.5 for RHEL 7	RedHat	ansible-tower-35/ansible-tower:3.5.6-1	*
Red Hat Ansible Tower 3.6 for RHEL 7	RedHat	ansible-tower-36/ansible-tower:3.6.4-1	*
Red Hat Enterprise Linux 7	RedHat	python-0:2.7.5-88.el7	*
Red Hat Enterprise Linux 7	RedHat	python3-0:3.6.8-13.el7	*
Red Hat Enterprise Linux 7.7 Extended Update Support	RedHat	python-0:2.7.5-87.el7_7	*
Red Hat Enterprise Linux 8	RedHat	python27:2.7-8020020200117110429.90f98d4f	*
Red Hat Enterprise Linux 8	RedHat	python3-0:3.6.8-23.el8	*
Red Hat Enterprise Linux 8	RedHat	python3-0:3.6.8-23.el8	*
Red Hat Software Collections for Red Hat Enterprise Linux 6	RedHat	rh-python36-python-0:3.6.9-2.el6	*
Red Hat Software Collections for Red Hat Enterprise Linux 6	RedHat	python27-python-0:2.7.17-2.el6	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	rh-python36-python-0:3.6.9-2.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7	RedHat	python27-python-0:2.7.17-2.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS	RedHat	rh-python36-python-0:3.6.9-2.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS	RedHat	python27-python-0:2.7.17-2.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS	RedHat	rh-python36-python-0:3.6.9-2.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS	RedHat	python27-python-0:2.7.17-2.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS	RedHat	rh-python36-python-0:3.6.9-2.el7	*
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS	RedHat	python27-python-0:2.7.17-2.el7	*
Python2.7	Ubuntu	bionic	*
Python2.7	Ubuntu	disco	*
Python2.7	Ubuntu	esm-infra-legacy/trusty	*
Python2.7	Ubuntu	esm-infra/bionic	*
Python2.7	Ubuntu	esm-infra/xenial	*
Python2.7	Ubuntu	trusty	*
Python2.7	Ubuntu	trusty/esm	*
Python2.7	Ubuntu	xenial	*
Python3.4	Ubuntu	esm-infra-legacy/trusty	*
Python3.4	Ubuntu	trusty	*
Python3.4	Ubuntu	trusty/esm	*
Python3.5	Ubuntu	esm-infra-legacy/trusty	*
Python3.5	Ubuntu	esm-infra/xenial	*
Python3.5	Ubuntu	trusty	*
Python3.5	Ubuntu	trusty/esm	*
Python3.5	Ubuntu	xenial	*
Python3.6	Ubuntu	bionic	*
Python3.6	Ubuntu	esm-infra/bionic	*
Python3.7	Ubuntu	bionic	*
Python3.7	Ubuntu	disco	*
Python3.7	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-16056
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References