Launchpad CVE tracker

CVE 2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.

Related bugs and status

CVE-2022-0391 (Candidate) is related to these bugs:

Bug #1987927: CVE: CVE-2021-3177 - python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c

Summary				In	Importance	Status
	1987927	CVE: CVE-2021-3177 - python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c		StarlingX	Medium	Fix Released

Bug #2038879: [Debian] High CVE: CVE-2021-23336/CVE-2022-0391/CVE-2022-48560/CVE-2022-48565/CVE-2022-48566/CVE-2023-24329/CVE-2023-40217 python2.7: multiple CVEs

Summary				In	Importance	Status
	2038879	[Debian] High CVE: CVE-2021-23336/CVE-2022-0391/CVE-2022-48560/CVE-2022-48565/CVE-2022-48566/CVE-2023-24329/CVE-2023-40217 python2.7: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-0391

References