exploitDog

CVE-2018-1061

Published: 19 Jun 2018
Source: debian

Description

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

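Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python3.7 | fixed | 3.7.0~b3-1 | | package |
| python3.6 | fixed | 3.6.5~rc1-1 | | package |
| python3.5 | fixed | 3.5.6-1 | | package |
| python3.4 | removed | | | package |
| python3.2 | removed | | | package |
| python3.2 | no-dsa | | wheezy | package |
| python2.7 | fixed | 2.7.14-7 | | package |
| python2.7 | no-dsa | | wheezy | package |
| python2.6 | removed | | | package |
| python2.6 | no-dsa | | wheezy | package |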

Notes

  • https://bugs.python.org/issue32981

  • https://github.com/python/cpython/commit/0e6c8ee2358a2e23117501826c008842acb835ac (master)

  • https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143 (3.7)

  • https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523 (3.6)

  • https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b (3.5)

  • https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)

  • https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 7 years ago

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

CVSS3: 6.5
redhat
more than 7 years ago

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

CVSS3: 6.5
nvd
about 7 years ago

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

CVSS3: 7.5
github
about 3 years ago

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

CVSS3: 7.5
fstec
almost 7 years ago

A vulnerability in the difflib.IS_LINE_JUNK method of the Python programming language interpreter that allows an attacker to cause a denial of service