Test ID: 1.3.6.1.4.1.25623.1.0.118240
Category: Denial of Service
Title: Python 3.4.x < 3.4.10, 3.5.x < 3.5.7, 3.6.x < 3.6.7, 3.7.x < 3.7.1 Python Issue (bpo-34656) - Windows
Summary: Python is prone to a denial of service (DoS) vulnerability in the 'pickle.load()' function.
Description:
Summary:
Python is prone to a denial of service (DoS) vulnerability in the
'pickle.load()' function.

Vulnerability Insight:
'Modules/_pickle.c' has an integer overflow via a large
'LONG_BINPUT' value that is mishandled during a 'resize to twice the size' attempt.

Vulnerability Impact:
This issue might cause memory exhaustion, but is only relevant
if the pickle format is used for serializing tens or hundreds of gigabytes of data.

Affected Software/OS:
Python version 3.4.0 through 3.4.9, 3.5.0 through 3.5.6, 3.6.0
through 3.6.6 and 3.7.x before 3.7.1.

Solution:
Update to version 3.4.10, 3.5.7, 3.6.7, 3.7.1 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2018-20406
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/
https://bugs.python.org/issue34656
https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd
https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
RedHat Security Advisories: RHSA-2019:3725
https://access.redhat.com/errata/RHSA-2019:3725
SuSE Security Announcement: openSUSE-SU-2020:0086
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
https://usn.ubuntu.com/4127-1/
https://usn.ubuntu.com/4127-2/
Copyright: Copyright (C) 2021 Greenbone AG
