SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2018-1060

Date: (C)2018-06-18 (M)2024-04-12

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.5		CVSS Score : 5.0
Exploit Score: 3.9		Exploit Score: 10.0
Impact Score: 3.6		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: NONE
Scope: UNCHANGED		Integrity: NONE
Confidentiality: NONE		Availability: PARTIAL
Integrity: NONE
Availability: HIGH

Reference:

SECTRACK-1042001

FEDORA-2019-51f1e08207

FEDORA-2019-6e1938a3c5

FEDORA-2019-cf725dd20b

https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html

https://bugs.python.org/issue32981

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060

https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1

https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us

https://www.oracle.com/security-alerts/cpujan2020.html

openSUSE-SU-2020:0086

cpe:/o:debian:debian_linux:9.0
cpe:/o:canonical:ubuntu_linux:12.04::~~esm~~~
cpe:/o:debian:debian_linux:8.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
...

oval:org.secpod.oval:def:89002336
oval:org.secpod.oval:def:504856
oval:org.secpod.oval:def:2103500
oval:org.secpod.oval:def:89002180
...

© SecPod Technologies