Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-14647

Опубликовано: 25 сент. 2018
Источник: nvd
CVSS3: 5.3
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Версия от 2.7.0 (включая) до 2.7.15 (включая)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Версия от 3.4.0 (включая) до 3.4.9 (включая)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Версия от 3.5.0 (включая) до 3.5.6 (включая)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Версия от 3.6.0 (включая) до 3.6.6 (включая)
cpe:2.3:a:python:python:3.7.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01078
Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-335
CWE-909

Связанные уязвимости

ubuntu логотип

CVE-2018-14647

CVSS3: 7.5
ubuntu
почти 7 лет назад

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

redhat логотип

CVE-2018-14647

CVSS3: 5.3
redhat
почти 7 лет назад

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

debian логотип

CVE-2018-14647

CVSS3: 7.5
debian
почти 7 лет назад

Python's elementtree C accelerator failed to initialise Expat's hash s ...

suse-cvrf логотип

SUSE-SU-2018:3156-1

suse-cvrf
почти 7 лет назад

Security update for python

github логотип

GHSA-gvw2-fvqg-v8mm

CVSS3: 7.5
github
около 3 лет назад

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

EPSS

Процентиль: 77%
0.01078
Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-335
CWE-909