Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-20406

Опубликовано: 23 дек. 2018
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

РелизСтатусПримечание
bionic

not-affected

2.7.15~rc1-1ubuntu0.1
cosmic

not-affected

2.7.15-4ubuntu4
devel

DNE

disco

not-affected

2.7.16-2
eoan

not-affected

2.7.16-2
esm-apps/focal

not-affected

2.7.16-2
esm-apps/jammy

not-affected

2.7.16-2
esm-infra-legacy/trusty

not-affected

2.7.6-8ubuntu0.5
esm-infra/bionic

not-affected

2.7.15~rc1-1ubuntu0.1
esm-infra/xenial

not-affected

2.7.12-1ubuntu0~16.04.4

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

not-affected

3.4.3-1ubuntu1~14.04.7+esm2
esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

not-affected

3.5.2-2ubuntu0~16.04.4~14.04.1+esm1
esm-infra/focal

DNE

esm-infra/xenial

not-affected

3.5.2-2ubuntu0~16.04.8
focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
bionic

released

3.6.7-1~18.04
cosmic

released

3.6.7-1~18.10
devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

3.6.7-1~18.04
esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
bionic

not-affected

3.7.3~rc1-1
cosmic

not-affected

3.7.3~rc1-1
devel

DNE

disco

not-affected

3.7.3-2
eoan

not-affected

3.7.3-2
esm-apps/bionic

not-affected

3.7.3~rc1-1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 78%
0.01228
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-20406

CVSS3: 5.9
redhat
больше 6 лет назад

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

nvd логотип

CVE-2018-20406

CVSS3: 7.5
nvd
больше 6 лет назад

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

debian логотип

CVE-2018-20406

CVSS3: 7.5
debian
больше 6 лет назад

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ...

github логотип

GHSA-p5h6-p5x2-5qxf

CVSS3: 7.5
github
около 3 лет назад

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

fstec логотип

BDU:2021-03713

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость модуля pickle.c языка программирования Python, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 78%
0.01228
Низкий

5 Medium

CVSS2

7.5 High

CVSS3