CVE-2018-1060

MEDIUM

Description

Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

http://www.securitytracker.com/id/1042001

https://access.redhat.com/errata/RHBA-2019:0327

https://access.redhat.com/errata/RHSA-2018:3041

https://access.redhat.com/errata/RHSA-2018:3505

https://access.redhat.com/errata/RHSA-2019:1260

https://access.redhat.com/errata/RHSA-2019:3725

https://bugs.python.org/issue32981

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060

https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1

https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1

https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/

https://lists.fedoraproject.org/archives/list/[email protected]/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/

https://lists.fedoraproject.org/archives/list/[email protected]s.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us

https://usn.ubuntu.com/3817-1/

https://usn.ubuntu.com/3817-2/

https://www.debian.org/security/2018/dsa-4306

https://www.debian.org/security/2018/dsa-4307

https://www.oracle.com/security-alerts/cpujan2020.html

Details

Source: MITRE

Published: 2018-06-18

Updated: 2020-01-15

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 135247 | RHEL 7 : python (RHSA-2020:1346) | Nessus | Red Hat Local Security Checks | medium |
| 135089 | RHEL 7 : python (RHSA-2020:1268) | Nessus | Red Hat Local Security Checks | medium |
| 133448 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1) | Nessus | SuSE Local Security Checks | high |
| 133259 | SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical |
| 133172 | openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical |
| 133036 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical |
| 127255 | NewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0061) | Nessus | NewStart CGSL Local Security Checks | medium |
| 126383 | Amazon Linux 2 : python (ALAS-2019-1230) | Nessus | Amazon Linux Local Security Checks | medium |
| 124937 | EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434) | Nessus | Huawei Local Security Checks | critical |
| 124906 | EulerOS Virtualization for ARM 64 3.0.1.0 : python (EulerOS-SA-2019-1403) | Nessus | Huawei Local Security Checks | medium |
| 124623 | EulerOS 2.0 SP3 : python (EulerOS-SA-2019-1337) | Nessus | Huawei Local Security Checks | medium |
| 124492 | Fedora 30 : python35 (2019-51f1e08207) | Nessus | Fedora Local Security Checks | medium |
| 123716 | EulerOS Virtualization 2.5.4 : python (EulerOS-SA-2019-1248) | Nessus | Huawei Local Security Checks | medium |
| 123714 | EulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1246) | Nessus | Huawei Local Security Checks | medium |
| 123480 | Fedora 28 : python35 (2019-cf725dd20b) | Nessus | Fedora Local Security Checks | medium |
| 123140 | Fedora 29 : python35 (2019-6e1938a3c5) | Nessus | Fedora Local Security Checks | medium |
| 122695 | EulerOS 2.0 SP5 : python (EulerOS-SA-2019-1072) | Nessus | Huawei Local Security Checks | medium |
| 122382 | EulerOS 2.0 SP2 : python (EulerOS-SA-2019-1055) | Nessus | Huawei Local Security Checks | medium |
| 121985 | Photon OS 2.0: Python2 PHSA-2018-2.0-0086 | Nessus | PhotonOS Local Security Checks | medium |
| 121881 | Photon OS 1.0: Python3 PHSA-2018-1.0-0178 | Nessus | PhotonOS Local Security Checks | medium |
| 121880 | Photon OS 1.0: Python2 PHSA-2018-1.0-0178 | Nessus | PhotonOS Local Security Checks | medium |
| 120768 | Fedora 28 : python34 (2018-c3a2174314) | Nessus | Fedora Local Security Checks | medium |
| 120647 | Fedora 28 : python35 (2018-99ff4c8f80) | Nessus | Fedora Local Security Checks | medium |
| 120565 | Fedora 28 : python3 (2018-7eae87ec86) | Nessus | Fedora Local Security Checks | medium |
| 119571 | SUSE SLED12 / SLES12 Security Update : python, python-base (SUSE-SU-2018:3554-2) | Nessus | SuSE Local Security Checks | high |
| 119467 | Amazon Linux AMI : python27 (ALAS-2018-1108) | Nessus | Amazon Linux Local Security Checks | medium |
| 119196 | Scientific Linux Security Update : python on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | medium |
| 118984 | CentOS 7 : python (CESA-2018:3041) | Nessus | CentOS Local Security Checks | medium |
| 118954 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Python vulnerabilities (USN-3817-1) | Nessus | Ubuntu Local Security Checks | high |
| 118869 | openSUSE Security Update : python / python-base (openSUSE-2018-1363) | Nessus | SuSE Local Security Checks | high |
| 118763 | Oracle Linux 7 : python (ELSA-2018-3041) | Nessus | Oracle Linux Local Security Checks | medium |
| 118515 | RHEL 7 : python (RHSA-2018:3041) | Nessus | Red Hat Local Security Checks | medium |
| 118501 | SUSE SLED12 / SLES12 Security Update : python, python-base (SUSE-SU-2018:3554-1) | Nessus | SuSE Local Security Checks | high |
| 117838 | Debian DSA-4307-1 : python3.5 - security update | Nessus | Debian Local Security Checks | high |
| 117812 | Debian DSA-4306-1 : python2.7 - security update | Nessus | Debian Local Security Checks | high |
| 117713 | Debian DLA-1520-1 : python3.4 security update | Nessus | Debian Local Security Checks | high |
| 117712 | Debian DLA-1519-1 : python2.7 security update | Nessus | Debian Local Security Checks | high |
| 117516 | openSUSE Security Update : python3 (openSUSE-2018-1001) | Nessus | SuSE Local Security Checks | medium |
| 117478 | SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2018:2696-1) | Nessus | SuSE Local Security Checks | medium |
| 112224 | Photon OS 2.0: Docker / Python2 / Strongswan PHSA-2018-2.0-0086 (deprecated) | Nessus | PhotonOS Local Security Checks | medium |
| 112221 | Photon OS 1.0: Postgresql / Python2 / Python3 / Strongswan PHSA-2018-1.0-0178 (deprecated) | Nessus | PhotonOS Local Security Checks | medium |
| 112012 | SUSE SLES11 Security Update : python (SUSE-SU-2018:2408-1) | Nessus | SuSE Local Security Checks | critical |
| 111768 | Fedora 27 : python34 (2018-875afebb87) | Nessus | Fedora Local Security Checks | medium |
| 111766 | Fedora 27 : python35 (2018-04d49a1804) | Nessus | Fedora Local Security Checks | medium |
| 109594 | FreeBSD : python 2.7 -- multiple vulnerabilities (8719b935-8bae-41ad-92ba-3c826f651219) | Nessus | FreeBSD Local Security Checks | high |
| 109583 | Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2018-124-01) | Nessus | Slackware Local Security Checks | high |
| 109368 | Amazon Linux AMI : python34 / python35,python36,python27 (ALAS-2018-1003) | Nessus | Amazon Linux Local Security Checks | medium |
| 108916 | Fedora 26 : python-pip / python3 / python3-docs (2018-aa8de9d66a) | Nessus | Fedora Local Security Checks | medium |
| 108915 | Fedora 27 : python-pip / python3 / python3-docs (2018-a042f795b2) | Nessus | Fedora Local Security Checks | medium |