Launchpad CVE tracker

CVE 2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Related bugs and status

CVE-2020-26116 (Candidate) is related to these bugs:

Bug #1898078: FIPS OpenSSL crashes Python2.7 hashlib when using MD5

		In	Importance	Status
1898078	FIPS OpenSSL crashes Python2.7 hashlib when using MD5	python2.7 (Ubuntu)	Undecided	New
1898078	FIPS OpenSSL crashes Python2.7 hashlib when using MD5	python2.7 (Ubuntu Groovy)	Undecided	Won't Fix
1898078	FIPS OpenSSL crashes Python2.7 hashlib when using MD5	python2.7 (Ubuntu Xenial)	Undecided	New
1898078	FIPS OpenSSL crashes Python2.7 hashlib when using MD5	python2.7 (Ubuntu Bionic)	Undecided	Fix Released
1898078	FIPS OpenSSL crashes Python2.7 hashlib when using MD5	python2.7 (Ubuntu Focal)	Undecided	New

Bug #1987927: CVE: CVE-2021-3177 - python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c

Summary				In	Importance	Status
	1987927	CVE: CVE-2021-3177 - python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c		StarlingX	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-26116

References