CVE-2018-1060

Опубликовано: 14 мар. 2018

Источник: redhat

CVSS3: 4.3

Описание

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	python	Will not fix
Red Hat Enterprise Linux 6	python	Will not fix
Red Hat Software Collections	rh-python34-python	Will not fix
Red Hat Software Collections	rh-python35-python	Fix deferred
Red Hat Enterprise Linux 7	python	Fixed	RHSA-2018:3041	30.10.2018
Red Hat Enterprise Linux 7.4 Advanced Update Support	python	Fixed	RHSA-2020:1346	07.04.2020
Red Hat Enterprise Linux 7.4 Telco Extended Update Support	python	Fixed	RHSA-2020:1346	07.04.2020
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions	python	Fixed	RHSA-2020:1346	07.04.2020
Red Hat Enterprise Linux 7.5 Extended Update Support	python	Fixed	RHSA-2020:1268	01.04.2020
Red Hat Software Collections for Red Hat Enterprise Linux 6	python27-python	Fixed	RHSA-2019:1260	22.05.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1549191python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2018-1060

CVSS3: 7.5

ubuntu

около 7 лет назад

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

CVE-2018-1060

CVSS3: 7.5

nvd

около 7 лет назад

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

CVE-2018-1060

CVSS3: 7.5

debian

около 7 лет назад

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...

GHSA-7hp6-577h-hcgr

CVSS3: 7.5

github

около 3 лет назад

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

BDU:2019-04237

CVSS3: 7.5

fstec

почти 7 лет назад

Уязвимость метода pop3lib apop() интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании

4.3 Medium

CVSS3