CVE-2018-1060: Improper Input Validation in Python

Severity
7.5 HIGH (NVD)
EPSS
1.1%
top 21.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 18
Latest update: Jul 11

Description

Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 5 packages

Also affects: Debian Linux 8.0, 9.0, Fedora 28, 29, 30, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

🔴 Vulnerability Details

4
OSV
python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12 vulnerabilities (2024-07-11)
GHSA
GHSA-7hp6-577h-hcgr: python before versions 2 (2022-05-13)
OSV
CVE-2018-1060: python before versions 2 (2018-06-18)
CVEList
CVE-2018-1060: python before versions 2 (2018-06-18)

📋 Vendor Advisories

5
Ubuntu
Python vulnerabilities (2024-07-11)
Ubuntu
Python vulnerabilities (2018-11-15)
Ubuntu
Python vulnerabilities (2018-11-13)
Red Hat
python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (2018-03-14)
Debian
CVE-2018-1060: python2.7 - python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable... (2018)

💬 Community

8
Bugzilla
CVE-2018-1060 CVE-2018-1061 python34: various flaws [fedora-all] (2018-04-04)
Bugzilla
CVE-2018-1060 CVE-2018-1061 python26: various flaws [fedora-all] (2018-04-04)
Bugzilla
CVE-2018-1060 CVE-2018-1061 python33: various flaws [fedora-all] (2018-04-04)
Bugzilla
CVE-2018-1060 CVE-2018-1061 python3: various flaws [fedora-all] (2018-04-04)
Bugzilla
CVE-2018-1060 CVE-2018-1061 python35: various flaws [fedora-all] (2018-04-04)