CVE-2018-20406

Source: ubuntu.com (UB:CVE-2018-20406)
Date: 2018-12-23

CVSS2: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

CVSS3: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

EPSS: 0.007
Percentile: 79.6%

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a
large LONG_BINPUT value that is mishandled during a “resize to twice the
size” attempt. This issue might cause memory exhaustion, but is only
relevant if the pickle format is used for serializing tens or hundreds of
gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10,
v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9;
v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1,
v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1,
v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1,
v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8,
v3.7.8rc1, v3.7.9.

Notes

Author: mdeslaur
Note: bug says 2.7 is not affected

Affected packages

OS      OS version  Architecture  Package    Package version                        Filename
ubuntu  14.04       noarch        python3.4  < 3.4.3-1ubuntu1~14.04.7+esm2          UNKNOWN
ubuntu  14.04       noarch        python3.5  < 3.5.2-2ubuntu0~16.04.4~14.04.1+esm1  UNKNOWN
ubuntu  16.04       noarch        python3.5  < 3.5.2-2ubuntu0~16.04.8               UNKNOWN
ubuntu  18.04       noarch        python3.6  < 3.6.7-1~18.04                        UNKNOWN
ubuntu  18.10       noarch        python3.6  < 3.6.7-1~18.10                        UNKNOWN
