CVE-2018-20406

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-20406

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20406.json

Aliases

PSF-2018-6

Related

Published

2018-12-23T23:29:00Z

Modified

2023-11-29T06:20:15.264184Z

Details

Modules/pickle.c in Python before 3.7.1 has an integer overflow via a large LONGBINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

References

Affected packages

Alpine:v3.6 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.8-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.5-r3

Alpine:v3.7 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.8-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.5-r3

Alpine:v3.8 / python3

Package

Name: python3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.6.8-r0

Affected versions

3.*

3.1.3-r0

3.2.0-r0

3.2.3-r0

3.3.0-r0

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.4.1-r0

3.4.2-r0

3.4.2-r1

3.4.3-r1

3.4.3-r2

3.5.0-r0

3.5.1-r0

3.5.1-r1

3.5.1-r2

3.5.1-r3

3.5.2-r3

3.6.0-r3

3.6.1-r3

3.6.2-r3

3.6.3-r3

3.6.4-r3

3.6.6-r3

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Fixed

a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd

Introduced

3101b7076270756f8be699358c69c5d15ea2cc48

Affected versions

3.*

3.2

v3.*

v3.2.6

v3.2.6rc1

v3.3.4

v3.3.4rc1

v3.3.5

v3.3.5rc1

v3.3.5rc2

v3.3.6

v3.3.6rc1

v3.4.0

v3.4.1

v3.4.1rc1

v3.4.2

v3.4.2rc1

v3.4.3

v3.4.3rc1

v3.4.4

v3.4.4rc1

v3.4.5

v3.4.5rc1

v3.4.6

v3.4.6rc1

v3.5.0

v3.5.0a1

v3.5.0a2

v3.5.0a3

v3.5.0a4

v3.5.0b1

v3.5.0b2

v3.5.0b3

v3.5.0b4

v3.5.0rc1

v3.5.0rc2

v3.5.0rc3

v3.5.0rc4

v3.5.1

v3.5.1rc1

v3.5.2

v3.5.2rc1

v3.5.3

v3.5.3rc1

v3.6.0

v3.6.0a1

v3.6.0a2

v3.6.0a3

v3.6.0a4

v3.6.0b1

v3.6.0b2

v3.6.0b3

v3.6.0b4

v3.6.0rc1

v3.6.0rc2

v3.7.0a1

v3.7.0a2

v3.7.0a3

v3.7.0a4