Lucene search

[email protected]NVD:CVE-2018-1060

HistoryJun 18, 2018 - 2:29 p.m.

CVE-2018-1060

2018-06-1814:29:00

CWE-20

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.0%

JSON

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib’s apop() method. An attacker could use this flaw to cause denial of service.

Affected configurations

NVD

Node

pythonpythonRange2.7.0–2.7.15

pythonpythonRange3.0.0–3.4.9

pythonpythonRange3.5.0–3.5.6

pythonpythonRange3.6.0–3.6.5

Node

fedoraprojectfedoraMatch28

fedoraprojectfedoraMatch29

fedoraprojectfedoraMatch30

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

Node

redhatansible_towerMatch3.3

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

References

lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

www.securitytracker.com/id/1042001

access.redhat.com/errata/RHBA-2019:0327

access.redhat.com/errata/RHSA-2018:3041

access.redhat.com/errata/RHSA-2018:3505

access.redhat.com/errata/RHSA-2019:1260

access.redhat.com/errata/RHSA-2019:3725

bugs.python.org/issue32981

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060

docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1

docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1

lists.debian.org/debian-lts-announce/2018/09/msg00030.html

lists.debian.org/debian-lts-announce/2018/09/msg00031.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us

usn.ubuntu.com/3817-1/

usn.ubuntu.com/3817-2/

www.debian.org/security/2018/dsa-4306

www.debian.org/security/2018/dsa-4307

www.oracle.com/security-alerts/cpujan2020.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.0%

JSON

Related for NVD:CVE-2018-1060