CVE-2018-1060

HIGH

Python < 2.7.15 - Denial of Service via Catastrophic Backtracking in pop3lib apop()


Description

Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

References (22)

https://www.debian.org/security/2018/dsa-4306 (Third Party Advisory; vendor-advisory; x_refsource_debian)
http://www.securitytracker.com/id/1042001 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html (Mailing List, Third Party Advisory; mailing-list; x_refsource_mlist)
https://bugs.python.org/issue32981 (Exploit, Issue Tracking, Vendor Advisory; x_refsource_confirm)
https://usn.ubuntu.com/3817-2/ (Third Party Advisory; vendor-advisory; x_refsource_ubuntu)
https://access.redhat.com/errata/RHSA-2018:3505 (Third Party Advisory; vendor-advisory; x_refsource_redhat)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060 (Issue Tracking, Third Party Advisory; x_refsource_confirm)
https://access.redhat.com/errata/RHSA-2018:3041 (Third Party Advisory; vendor-advisory; x_refsource_redhat)
https://www.debian.org/security/2018/dsa-4307 (Third Party Advisory; vendor-advisory; x_refsource_debian)
https://usn.ubuntu.com/3817-1/ (Third Party Advisory; vendor-advisory; x_refsource_ubuntu)
https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html (Mailing List, Third Party Advisory; mailing-list; x_refsource_mlist)
https://access.redhat.com/errata/RHBA-2019:0327 (Third Party Advisory; vendor-advisory; x_refsource_redhat)
https://access.redhat.com/errata/RHSA-2019:1260 (Third Party Advisory; vendor-advisory; x_refsource_redhat)
https://access.redhat.com/errata/RHSA-2019:3725 (Third Party Advisory; vendor-advisory; x_refsource_redhat)
https://www.oracle.com/security-alerts/cpujan2020.html (Third Party Advisory; x_refsource_misc)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html (Mailing List, Third Party Advisory; vendor-advisory; x_refsource_suse)

Scores

CVSS v3 7.5
EPSS 0.0104
EPSS Percentile 77.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (14)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
debian/debian_linux 8.0
debian/debian_linux 9.0
fedoraproject/fedora 28
fedoraproject/fedora 29
fedoraproject/fedora 30
python/python 2.7.0 - 2.7.15
... and 4 more
Published Jun 18, 2018
Tracked Since Feb 18, 2026