CVE-2018-1061
Published: Jun 19, 2018
Modified: Aug 5, 2024
PUBLISHED
CVSS v3.0: 6.5 (MEDIUM)
Description
Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
| Vendor | Product | Versions |
|---|---|---|
| [UNKNOWN] | python | affected: python 2.7.15; python 3.4.9; python 3.5.6; python 3.7.0 |
Weaknesses (CWE)
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | High |
References
| Reference | Type | Source tag |
|---|---|---|
| DSA-4306 | vendor-advisory | x_refsource_DEBIAN |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061 | | x_refsource_CONFIRM |
| 1042001 | vdb-entry | x_refsource_SECTRACK |
| [debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update | mailing-list | x_refsource_MLIST |
| https://bugs.python.org/issue32981 | | x_refsource_CONFIRM |
| USN-3817-2 | vendor-advisory | x_refsource_UBUNTU |
| RHSA-2018:3505 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2018:3041 | vendor-advisory | x_refsource_REDHAT |
| DSA-4307 | vendor-advisory | x_refsource_DEBIAN |
| USN-3817-1 | vendor-advisory | x_refsource_UBUNTU |
| [debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update | mailing-list | x_refsource_MLIST |
| FEDORA-2019-6e1938a3c5 | vendor-advisory | x_refsource_FEDORA |
| FEDORA-2019-cf725dd20b | vendor-advisory | x_refsource_FEDORA |
| FEDORA-2019-51f1e08207 | vendor-advisory | x_refsource_FEDORA |
| RHBA-2019:0327 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2019:1260 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2019:3725 | vendor-advisory | x_refsource_REDHAT |
| openSUSE-SU-2020:0086 | vendor-advisory | x_refsource_SUSE |