CVE-2018-14647

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-14647

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14647.json

Aliases

PSF-2018-5

Related

Published

2018-09-25T00:29:00Z

Modified

2024-05-14T06:19:15.984155Z

Summary

[none]

Details

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

References

Affected packages

Alpine:v3.10 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.16-r0

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

2.7.15-r8

Alpine:v3.11 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.16-r0

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

2.7.15-r8

Alpine:v3.12 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.16-r0

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

2.7.15-r8

Alpine:v3.6 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.8-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.5-r3

Alpine:v3.7 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.15-r2

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

Alpine:v3.7 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.8-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.5-r3

Alpine:v3.8 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.15-r2

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

Alpine:v3.8 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.8-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

Alpine:v3.9 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.7.16-r0

Affected versions

2.*

2.6.1-r0

2.6.1-r1

2.6.1-r2

2.6.2-r0

2.6.2-r1

2.6.3-r0

2.6.4-r0

2.6.5-r0

2.6.5-r1

2.6.5-r2

2.6.5-r3

2.6.5-r4

2.6.5-r5

2.6.5-r6

2.6.5-r7

2.6.5-r8

2.7.2-r8

2.7.3-r8

2.7.5-r8

2.7.6-r8

2.7.7-r8

2.7.8-r8

2.7.9-r8

2.7.10-r8

2.7.11-r8

2.7.12-r8

2.7.13-r8

2.7.14-r8

2.7.15-r8

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

2e789a1f1d84b343a996e8654590703b5fbdd441

Introduced

3101b7076270756f8be699358c69c5d15ea2cc48

Introduced

5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12

Last affected

0a5a5af9b6b47727c5ee3def4508dab312949075

Last affected

1bf9cc509326bc42cd8cb1650eb9bf64550d817e

Last affected

4cf1f54eb764f856fda5a394d8598c0c90d69d77

Last affected

627d0c61ac96009450e3794a2401f244e56fcb79