CVE-2018-1060
Published: 18 June 2018
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
python2.7 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(2.7.15-4ubuntu1)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(2.7.15-4ubuntu1)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(2.7.15~rc1-1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(2.7.12-1ubuntu0~16.04.4)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(2.7.6-8ubuntu0.5)
|
|
Patches: Upstream: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 |
||
python3.4 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(3.4.3-1ubuntu1~14.04.7)
|
|
Patches: Upstream: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 |
||
python3.5 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(3.5.2-2ubuntu0~16.04.5)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Needed
|
|
Patches: Upstream: https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b |
||
python3.6 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(3.6.6-1~18.04)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
Patches: Upstream: https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523 |
||
python3.7 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(3.7.0~b3-1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
Patches: Upstream: https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143 |