Vulnerability CVE-2018-14647


Published: 2018-09-24   Modified: 2018-09-25

Description:
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.

Type:

CWE-399

(Resource Management Errors)

Vendor: Debian
Product: Debian linux 
Version: 9.0;
Vendor: Fedoraproject
Product: Fedora 
Version: 30;
Vendor: Python
Product: Python 
Version:
3.7.0
3.6.6
3.6.5
3.6.4
3.6.3
3.6.2
3.6.1
3.6.0
3.5.6
3.5.5
3.5.4
3.5.3
3.5.2
3.5.1
3.5.0
3.4.9
3.4.7
3.4.6
3.4.5
3.4.4
3.4.3
3.4.2
3.4.1
3.4.0
2.7.9
2.7.8
2.7.7
2.7.6
2.7.5
2.7.4
2.7.3
2.7.2
2.7.15
2.7.14
2.7.13
2.7.12
2.7.11
2.7.10
2.7.1
2.7.0
Vendor: Canonical
Product: Ubuntu linux 
Version:
18.04
16.04
14.04
12.04

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.securityfocus.com/bid/105396
http://www.securitytracker.com/id/1041740
https://access.redhat.com/errata/RHSA-2019:1260
https://bugs.python.org/issue34623
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/
https://usn.ubuntu.com/3817-1/
https://usn.ubuntu.com/3817-2/
https://www.debian.org/security/2018/dsa-4306
https://www.debian.org/security/2018/dsa-4307

Related CVE
CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descript...
CVE-2019-10197
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared ...
CVE-2019-15717
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.
CVE-2019-11476
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-exec...
CVE-2019-15133
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
CVE-2019-9851
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calli...
CVE-2019-9850
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify tha...
CVE-2019-13377
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able...

Copyright 2019, cxsecurity.com

 

Back to Top