alpinelinux | Alpine Linux Development Team | ALPINE:CVE-2018-20406
History: Dec 23, 2018 - 11:29 p.m.

CVE-2018-20406

2018-12-23 23:29:00
Alpine Linux Development Team
security.alpinelinux.org

EPSS: 0.007 (Low)
Percentile: 79.4%

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a “resize to twice the size” attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

OS | OS version | Architecture | Package | Package version | Filename
Alpine | 3.6-main | noarch | python3 | < 3.6.8-r0 | UNKNOWN
Alpine | 3.7-main | noarch | python3 | < 3.6.8-r0 | UNKNOWN
Alpine | 3.8-main | noarch | python3 | < 3.6.8-r0 | UNKNOWN