what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2018-14647

Status Candidate

Overview

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Related Files

Red Hat Security Advisory 2020-1462-01
Posted Apr 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1462-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2018-14647, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948
SHA-256 | 13cad2f3b24f9bcb2ffc46f612f937821b8385d1c587da44e80913794075e4a9
Red Hat Security Advisory 2020-1346-01
Posted Apr 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1346-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948
SHA-256 | 214f2f6e6d5aaafa4d2104aef7abb772d7a90dbdd57dda1cd516c8b7253b9d4b
Red Hat Security Advisory 2020-1268-01
Posted Apr 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1268-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948
SHA-256 | 30344eddc0f59f27bbc3bad70f1d316ba384793bcad4f0e16e37ed8e9972ff72
Red Hat Security Advisory 2019-3725-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3725-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a null pointer vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2018-20406, CVE-2018-20852, CVE-2019-16056, CVE-2019-5010, CVE-2019-9740, CVE-2019-9947
SHA-256 | bbf1288026d411c841fcc3e8a74cffaf02a744569f5e0112ecfc1fdbb50d6127
Red Hat Security Advisory 2019-2030-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2030-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include bypass and null pointer vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-14647, CVE-2019-5010, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948
SHA-256 | 6fd91245102802a006109694bf2cbf504a8440df92fcea71cc7c5cb6ed8f2681
Red Hat Security Advisory 2019-1260-01
Posted May 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1260-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2016-10745, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2019-9740, CVE-2019-9947
SHA-256 | 05618523951e266d43a52069da1f0ba34d7ea40ab7b10ec9fbdc045f2a7608d6
Slackware Security Advisory - python Updates
Posted Mar 4, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, python
systems | linux, slackware
advisories | CVE-2013-1752, CVE-2018-14647, CVE-2019-5010
SHA-256 | 52a84adbeec2cbda8ee02c5ecf9133aa6619003fed96dbfff3243a9698dc18ab
Ubuntu Security Notice USN-3817-2
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3817-2 - USN-3817-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2018-1000030, CVE-2018-1000802, CVE-2018-1061, CVE-2018-14647
SHA-256 | cb1574e89bac72af854da99e6193cfbfb3f0473a690d83816718c2897ab1315e
Ubuntu Security Notice USN-3817-1
Posted Nov 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3817-1 - It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that Python incorrectly handled running external commands in the shutil module. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2018-1000030, CVE-2018-1000802, CVE-2018-14647
SHA-256 | 03b91d747808db6662227ba32df53ee769cca67a7c8ef16b220c02b136f095e6
Debian Security Advisory 4307-1
Posted Sep 30, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4307-1 - to initialize Expat's hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2017-1000158, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647
SHA-256 | 78967ba19e83e6c8ce8ffabdf194b5c00c9fb481ae5baced1fd5861130cc732a
Debian Security Advisory 4306-1
Posted Sep 28, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4306-1 - Multiple security issues were discovered in Python: ElementTree failed to initialize Expat's hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.

tags | advisory, denial of service, python
systems | linux, debian
advisories | CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647
SHA-256 | 604fe730fa592031cb2dd69abc6480e03447d486f7f09768b5d9c55234af836d
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close