CVE-2018-14647

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-14647
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14647.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-14647
Aliases
Downstream
Related
Published
2018-09-25T00:29:00Z
Modified
2024-11-21T03:49:30Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
3101b7076270756f8be699358c69c5d15ea2cc48
Last affected
0a5a5af9b6b47727c5ee3def4508dab312949075
Last affected
1bf9cc509326bc42cd8cb1650eb9bf64550d817e
Introduced
5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12
Last affected
4cf1f54eb764f856fda5a394d8598c0c90d69d77
Introduced
2e789a1f1d84b343a996e8654590703b5fbdd441
Last affected
627d0c61ac96009450e3794a2401f244e56fcb79
Last affected
ca079a3ea30098aff3197c559a0e32d42dda6d84