CVE-2019-17514
First published: Sat Oct 12 2019(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Python Python | =3.6.0 | |
| Python Python | =3.7.0 | |
| Python Python | =3.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.python.org/issue33275
- https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L380
- https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L405
- https://pubs.acs.org/doi/full/10.1021/acs.orglett.9b03216
- https://pubs.acs.org/doi/suppl/10.1021/acs.orglett.9b03216/suppl_file/ol9b03216_si_002.zip
- https://security.netapp.com/advisory/ntap-20191107-0005/
- https://twitter.com/LucasCMoore/status/1181615421922824192
- https://twitter.com/chris_bloke/status/1181997278136958976
- https://usn.ubuntu.com/4428-1/
- https://web.archive.org/web/20150822013622/https://docs.python.org/3/library/glob.html
- https://web.archive.org/web/20150906020027/https://docs.python.org/2.7/library/glob.html
- https://web.archive.org/web/20160309211341/https://docs.python.org/3/library/glob.html
- https://web.archive.org/web/20160526201356/https://docs.python.org/2.7/library/glob.html
- https://www.vice.com/en_us/article/zmjwda/a-code-glitch-may-have-caused-errors-in-more-than-100-published-studies
- https://launchpad.net/bugs/cve/CVE-2019-17514
- https://security-tracker.debian.org/tracker/CVE-2019-17514
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17514
- https://nvd.nist.gov/vuln/detail/CVE-2019-17514
- https://ubuntu.com/security/CVE-2019-17514
Frequently Asked Questions
What is CVE-2019-17514?
CVE-2019-17514 is a vulnerability in the Python 2 and 3 documentation before 2016 that contains potentially misleading information about whether sorting occurs.
What is the severity of CVE-2019-17514?
The severity of CVE-2019-17514 is high, with a CVSS score of 7.5.
Which software versions are affected by CVE-2019-17514?
CVE-2019-17514 affects Python 2.7.17-1~18.04ubuntu1.1, Python 2.7.18-1~20.04.1, Python 2.7.6-8ubuntu0.6+, Python 2.7.12-1ubuntu0~16.04.12, Python 3.5.2-2ubuntu0~16.04.11, Python 3.6.9-1~18.04ubuntu1.1, Python 3.4.3-1ubuntu1~14.04.7+, Python 3.8.0-3~18.04, and Python 3.8.2-1ubuntu1.2.
How can I fix CVE-2019-17514?
To fix CVE-2019-17514, update your Python version to a patched release, such as Python 2.7.17-1~18.04ubuntu1.1, Python 2.7.18-1~20.04.1, Python 2.7.6-8ubuntu0.6+, Python 2.7.12-1ubuntu0~16.04.12, Python 3.5.2-2ubuntu0~16.04.11, Python 3.6.9-1~18.04ubuntu1.1, Python 3.4.3-1ubuntu1~14.04.7+, Python 3.8.0-3~18.04, or Python 3.8.2-1ubuntu1.2, depending on your operating system.
Where can I find more information about CVE-2019-17514?
You can find more information about CVE-2019-17514 at the following references: [1] [2] [3].
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/trending
- vendor/python
- canonical/python python
- version/python python/3.6.0
- version/python python/3.7.0
- version/python python/3.8.0