Published: 23/12/2018 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Modules/_pickle.c in Python prior to 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python python
debian debian linux 8.0
fedoraproject fedora 28
fedoraproject fedora 29
fedoraproject fedora 30

Synopsis Moderate: rh-python36-python security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-python36-python is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common ...

Several security issues were fixed in Python ...

Python is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization The impact is information disclosure (credentials, cookies, etc that are cached against a given hostname) The components are: urllibparseurlsplit, urllibparseurlparse The attack vector is: A specially crafted URL could be incorre ...

Python 27x through 2716 and 3x through 372 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization The impact is: Information disclosure (credentials, cookies, etc that are cached against a given hostname) The components are: urllibparseurlsplit, urllibparseurlparse The attack vector ...

A null pointer dereference vulnerability was found in the certificate parsing code in Python This causes a denial of service to applications when parsing specially crafted certificates This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate au ...

CWE-190 https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd https://bugs.python.org/issue34656 https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html https://security.netapp.com/advisory/ntap-20190416-0010/https://usn.ubuntu.com/4127-2/https://usn.ubuntu.com/4127-1/https://access.redhat.com/errata/RHSA-2019:3725 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/https://access.redhat.com/errata/RHSA-2019:3725 https://nvd.nist.gov https://usn.ubuntu.com/4127-2/

CVE-2018-20406

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect