CVE-2018-1060

HIGH severity · CVSS 7.5 · Improper input validation

7.5CVSS HIGH

Summary

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactNone

Integrity impactNone

Availability impactHigh

Exploit probability (EPSS)1%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products we track (1)

Python

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

NVD record
https://bugs.python.org/issue32981Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlAdvisory
http://www.securitytracker.com/id/1042001Advisory
https://access.redhat.com/errata/RHBA-2019:0327Advisory
https://access.redhat.com/errata/RHSA-2018:3041Advisory
https://access.redhat.com/errata/RHSA-2018:3505Advisory
https://access.redhat.com/errata/RHSA-2019:1260Advisory
https://access.redhat.com/errata/RHSA-2019:3725Advisory