Improper Input Validation
Affecting python2.7 package, versions <2.7.9-2+deb8u2
Overview
Python versions before 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 are vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause a denial of service.
CVSS Score
7.5 (high severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
- CVE: CVE-2018-1061
- CWE: CWE-20
- Snyk ID: SNYK-DEBIAN8-PYTHON27-306481
- Disclosed: 19 Jun, 2018
- Published: 19 Jun, 2018