exploit the possibilities
Showing 1 - 11 of 11 RSS Feed

CVE-2018-14647

Status Candidate

Overview

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Related Files

Red Hat Security Advisory 2020-1462-01
Posted Apr 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1462-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2018-14647, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948
MD5 | 24344737005cd9c7bbea17191e60237a
Red Hat Security Advisory 2020-1346-01
Posted Apr 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1346-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948
MD5 | 1a4827e0256686b5e054938cbaf866b6
Red Hat Security Advisory 2020-1268-01
Posted Apr 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1268-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

tags | advisory, python, bypass
systems | linux, redhat
advisories | CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948
MD5 | 8584dc9f76afaf292c981e9b7937fe77
Red Hat Security Advisory 2019-3725-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3725-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a null pointer vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2018-20406, CVE-2018-20852, CVE-2019-16056, CVE-2019-5010, CVE-2019-9740, CVE-2019-9947
MD5 | b5e37081012fffa8383f809e744723b1
Red Hat Security Advisory 2019-2030-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2030-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include bypass and null pointer vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-14647, CVE-2019-5010, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948
MD5 | b76194525372d6ed6d909493d1750fd7
Red Hat Security Advisory 2019-1260-01
Posted May 22, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1260-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2016-10745, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2019-9740, CVE-2019-9947
MD5 | 8789913b6285d14129e87758b445c5a2
Slackware Security Advisory - python Updates
Posted Mar 4, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, python
systems | linux, slackware
advisories | CVE-2013-1752, CVE-2018-14647, CVE-2019-5010
MD5 | 3eb99ececd59f5902ac4f6a8a791a1f8
Ubuntu Security Notice USN-3817-2
Posted Nov 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3817-2 - USN-3817-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2018-1000030, CVE-2018-1000802, CVE-2018-1061, CVE-2018-14647
MD5 | e399e890f8bd1e86e7456e03b8a0fe3d
Ubuntu Security Notice USN-3817-1
Posted Nov 14, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3817-1 - It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that Python incorrectly handled running external commands in the shutil module. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2018-1000030, CVE-2018-1000802, CVE-2018-14647
MD5 | bda0cfe521f33d1b63239f522962f9bd
Debian Security Advisory 4307-1
Posted Sep 30, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4307-1 - to initialize Expat's hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2017-1000158, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647
MD5 | acf1f4f8778776ac275f78fc6fabea12
Debian Security Advisory 4306-1
Posted Sep 28, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4306-1 - Multiple security issues were discovered in Python: ElementTree failed to initialize Expat's hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.

tags | advisory, denial of service, python
systems | linux, debian
advisories | CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647
MD5 | 59ac7d08f42ae08ee8581f5c3f9f8e4e
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    1 Files
  • 28
    Sep 28th
    20 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close