CVE-2018-1060
Published: 18 June 2018
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
Priority
Low
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
python2.7 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Not vulnerable
(2.7.15-4ubuntu1)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(2.7.15-4ubuntu1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(2.7.15~rc1-1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(2.7.12-1ubuntu0~16.04.4)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(2.7.6-8ubuntu0.5)
|
|
|
Patches: Upstream: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 |
||
|
python3.4 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(3.4.3-1ubuntu1~14.04.7)
|
|
|
Patches: Upstream: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 |
||
|
python3.5 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(3.5.2-2ubuntu0~16.04.5)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needed
|
|
|
Patches: Upstream: https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b |
||
|
python3.6 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(3.6.6-1~18.04)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
Patches: Upstream: https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523 |
||
|
python3.7 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(3.7.0~b3-1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
Patches: Upstream: https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143 |
||