Lucene search

K

Veracode Vulnerability DatabaseVERACODE:19504

HistoryMay 16, 2019 - 3:18 a.m.

Denial Of Service (DoS)

2019-05-1603:18:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

17

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Python is vulnerable to denial of service(DoS) attacks. This is because the implementation of catastrophic backtracking. A remote authenticated user could trigger a denial of service condition via backtracking in ‘difflib.IS_LINE_JUNK’ method in difflib which may leads to a application crash.

CPENameOperatorVersion
pythoneq2.7.5__18.ael7b_1.1
pythoneq2.7.5__69.el7_5
python27-python-jinja2eq2.6__9.el6
python27-python-jinja2eq2.6__14.el7
python27-python-jinja2eq2.6__11.el7
python27-python-jinja2eq2.6__10.sc1.el6
python27-python-jinja2eq2.6__10.el6
python27-pythoneq2.7.8__18.el6
python27-pythoneq2.7.13__4.el6
python27-pythoneq2.7.5__10.el6

Rows per page:

1-10 of 271

References

www.securitytracker.com/id/1042001

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

access.redhat.com/errata/RHBA-2019:0327

access.redhat.com/errata/RHSA-2018:3041

access.redhat.com/errata/RHSA-2018:3505

access.redhat.com/errata/RHSA-2019:1260

access.redhat.com/security/updates/classification/#moderate

bugs.python.org/issue32981

bugzilla.redhat.com/show_bug.cgi?id=1555314

bugzilla.redhat.com/show_bug.cgi?id=1557460

bugzilla.redhat.com/show_bug.cgi?id=1579432

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061

docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1

docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1

lists.debian.org/debian-lts-announce/2018/09/msg00030.html

lists.debian.org/debian-lts-announce/2018/09/msg00031.html

lists.fedoraproject.org/archives/list/[email protected]/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/

lists.fedoraproject.org/archives/list/[email protected]/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/

lists.fedoraproject.org/archives/list/[email protected]/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us

usn.ubuntu.com/3817-1/

usn.ubuntu.com/3817-2/

www.debian.org/security/2018/dsa-4306

www.debian.org/security/2018/dsa-4307

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for VERACODE:19504

osv6 debiancve1 alpinelinux1 redhatcve1 prion1 cve1 fedora12 ibm10 nessus41 amazon3 openvas38 mageia2 redhat6 suse3 centos1 ubuntucve1 oraclelinux1 debian4 photon4 ubuntu2 cloudfoundry1 freebsd1 slackware1