CVE: CVE-2018-1060

Descrizione: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib’s apop() method. An attacker could use this flaw to cause denial of service.

Vettore di attacco

Riferimenti esterni

• https://www.debian.org/security/2018/dsa-4306
• http://www.securitytracker.com/id/1042001
• https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html
• https://bugs.python.org/issue32981
• https://usn.ubuntu.com/3817-2/
• https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1
• https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1
• https://access.redhat.com/errata/RHSA-2018:3505
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060
• https://access.redhat.com/errata/RHSA-2018:3041
• https://www.debian.org/security/2018/dsa-4307
• https://usn.ubuntu.com/3817-1/
• https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
• https://access.redhat.com/errata/RHBA-2019:0327
• https://access.redhat.com/errata/RHSA-2019:1260
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us
• https://access.redhat.com/errata/RHSA-2019:3725
• https://www.oracle.com/security-alerts/cpujan2020.html
• http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

Prodotti interessati

• [UNKNOWN] – python

Relazioni con altri prodotti

Produttore:[UNKNOWN]
Prodotto: python
Anno: 2018
CWE: CWE-20
CVSS: 0.0