Remove newline characters from uu encoding methods


This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This database can be viewed online at the Open Source Vulnerability Database.

Filenames passed to the UU encoding methods ( and that contain a newline character will overflow data into the UU content section. This can potentially be used to inject replace or corrupt data content in a file during the decode process.

The fix removes newline characters from filenames.


  • Disclosure date: 2019-11-30 (Python issue bpo-38945 reported)
  • Reported at: 2019-11-28 (PSRT list)
  • Reported by: Matthew Rollings

Fixed In

Python issue

Remove newline characters from uu encoding methods.

  • Python issue: bpo-38945
  • Creation date: 2019-11-30
  • Reporter: stealthcopter


Timeline using the disclosure date 2019-11-30 as reference: