Denial of Service : Python 2.7.x < 2.7.16, 3.4.x < 3.4.10, 3.5.x < 3.5.7, 3.6.x < 3.6.7, 3.7.0 Python Issue (bpo-34623)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.814307

Categoría: Denial of Service

Título: Python 2.7.x < 2.7.16, 3.4.x < 3.4.10, 3.5.x < 3.5.7, 3.6.x < 3.6.7, 3.7.0 Python Issue (bpo-34623) - Mac OS X

Resumen: Python is prone to a denial of service vulnerability.

Descripción: Summary:
Python is prone to a denial of service vulnerability.

Vulnerability Insight:
The flaw exists because Python's elementtree C accelerator
fails to initialise Expat's hash salt during initialization

Vulnerability Impact:
Successful exploitation allows denial of service attacks
against Expat by constructing an XML document that would cause pathological hash collisions
in Expat's internal data structures, consuming large amounts CPU and RAM.

Affected Software/OS:
Python versions 2.7.0 through 2.7.15, 3.4.0 through 3.4.9,
3.5.0 through 3.5.6, 3.6.0 through 3.6.6 and 3.7.0.

Solution:
Update to version 2.7.16, 3.4.10, 3.5.7, 3.6.7, 3.7.1 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-14647
BugTraq ID: 105396
http://www.securityfocus.com/bid/105396
Debian Security Information: DSA-4306 (Google Search)
https://www.debian.org/security/2018/dsa-4306
Debian Security Information: DSA-4307 (Google Search)
https://www.debian.org/security/2018/dsa-4307
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/
https://bugs.python.org/issue34623
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html
RedHat Security Advisories: RHSA-2019:1260
https://access.redhat.com/errata/RHSA-2019:1260
RedHat Security Advisories: RHSA-2019:2030
https://access.redhat.com/errata/RHSA-2019:2030
RedHat Security Advisories: RHSA-2019:3725
https://access.redhat.com/errata/RHSA-2019:3725
http://www.securitytracker.com/id/1041740
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
https://usn.ubuntu.com/3817-1/
https://usn.ubuntu.com/3817-2/

Copyright Copyright (C) 2018 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.814307
Categoría:	Denial of Service
Título:	Python 2.7.x < 2.7.16, 3.4.x < 3.4.10, 3.5.x < 3.5.7, 3.6.x < 3.6.7, 3.7.0 Python Issue (bpo-34623) - Mac OS X
Resumen:	Python is prone to a denial of service vulnerability.
Descripción:	Summary: Python is prone to a denial of service vulnerability. Vulnerability Insight: The flaw exists because Python's elementtree C accelerator fails to initialise Expat's hash salt during initialization Vulnerability Impact: Successful exploitation allows denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Affected Software/OS: Python versions 2.7.0 through 2.7.15, 3.4.0 through 3.4.9, 3.5.0 through 3.5.6, 3.6.0 through 3.6.6 and 3.7.0. Solution: Update to version 2.7.16, 3.4.10, 3.5.7, 3.6.7, 3.7.1 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-14647 BugTraq ID: 105396 http://www.securityfocus.com/bid/105396 Debian Security Information: DSA-4306 (Google Search) https://www.debian.org/security/2018/dsa-4306 Debian Security Information: DSA-4307 (Google Search) https://www.debian.org/security/2018/dsa-4307 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/ https://bugs.python.org/issue34623 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html RedHat Security Advisories: RHSA-2019:1260 https://access.redhat.com/errata/RHSA-2019:1260 RedHat Security Advisories: RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:2030 RedHat Security Advisories: RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3725 http://www.securitytracker.com/id/1041740 SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://usn.ubuntu.com/3817-1/ https://usn.ubuntu.com/3817-2/
Copyright	Copyright (C) 2018 Greenbone AG