Remove newline characters from uu encoding methods

Filenames passed to the UU encoding methods (uu.py and uu_codec.py) that contain a newline character will overflow data into the UU content section. This can potentially be used to inject replace or corrupt data content in a file during the decode process.

The fix removes newline characters from filenames.

  • Disclosure date: 2019-11-30 (Python issue bpo-38945 reported)
  • Reported at: 2019-11-28 (PSRT list)
  • Reported by: Matthew Rollings

Fixed In

Vulnerable Versions

  • Python 3.5 (need release)

Python issue

Remove newline characters from uu encoding methods.

  • Python issue: bpo-38945
  • Creation date: 2019-11-30
  • Reporter: stealthcopter

Timeline

Timeline using the disclosure date 2019-11-30 as reference: