CVE-2018-1060

Опубликовано: 18 июн. 2018

Источник: debian

Описание

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python3.7	fixed	3.7.0~b3-1		package
python3.6	fixed	3.6.5~rc1-1		package
python3.5	fixed	3.5.6-1		package
python3.4	removed			package
python3.2	removed			package
python3.2	no-dsa		wheezy	package
python2.7	fixed	2.7.14-7		package
python2.7	no-dsa		wheezy	package
python2.6	removed			package
python2.6	no-dsa		wheezy	package

Примечания

https://bugs.python.org/issue32981
https://github.com/python/cpython/commit/0e6c8ee2358a2e23117501826c008842acb835ac (master)
https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143 (3.7)
https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523 (3.6)
https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b (3.5)
https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)

Связанные уязвимости

CVE-2018-1060

CVSS3: 7.5

ubuntu

больше 7 лет назад

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

CVE-2018-1060

CVSS3: 4.3

redhat

больше 7 лет назад

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

CVE-2018-1060

CVSS3: 7.5

nvd

больше 7 лет назад

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

GHSA-7hp6-577h-hcgr

CVSS3: 7.5

github

больше 3 лет назад

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

BDU:2019-04237

CVSS3: 7.5

fstec

больше 7 лет назад

Уязвимость метода pop3lib apop() интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании