CVE-2018-1061

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.ISLINEJUNK method. An attacker could use this flaw to cause denial of service.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type

GIT

Repo

https://github.com/python/cpython

Events

Introduced

Fixed

ca079a3ea30098aff3197c559a0e32d42dda6d84

Introduced

6046c5e0298c25515ea58abc8ab87f7413e3f743

Fixed

0a5a5af9b6b47727c5ee3def4508dab312949075

Introduced

2e789a1f1d84b343a996e8654590703b5fbdd441

Last affected

27657e7cea26548958518144d63200d7a2333d1c

Introduced

8d999cbf4adea053be6dbb612b9844635c4dfb8e

Last affected

d48ecebad5ac78a1783e09b0d32c211d9754edf4

Introduced

Last affected

dfad352267cee3ea581035622a7371bc3b235378

Introduced

Last affected

bf9cccb2b54ad2c641ea78435a8618a6d251491e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.7.15"
        },
        {
            "introduced": "3.0"
        },
        {
            "fixed": "3.4.9"
        },
        {
            "introduced": "3.5.0"
        },
        {
            "last_affected": "3.5.5"
        },
        {
            "introduced": "3.6"
        },
        {
            "last_affected": "3.6.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.7.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.3"
        }
    ]
}

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.7.0-alpha1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.7.0-alpha2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.7.0-alpha3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.7.0-alpha4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.7.0-beta1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.7.0-beta2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.7.0-beta3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.7.0-beta4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.7.0-beta5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "28"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "29"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "30"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1061.json"