CVE-2018-20406

HIGH

Python < 3.7.1 - Integer Overflow

Title source: rule
STIX 2.1

Description

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

References (15)

Core 15
Core References
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190416-0010/
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://bugs.python.org/issue34656
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4127-2/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4127-1/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3725
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html

Scores

CVSS v3 7.5
EPSS 0.0156
EPSS Percentile 81.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-190
Status published
Products (5)
debian/debian_linux 8.0
fedoraproject/fedora 28
fedoraproject/fedora 29
fedoraproject/fedora 30
python/python 3.4.0 - 3.7.1
Published Dec 23, 2018
Tracked Since Feb 18, 2026