CVE-2018-1060

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Published: Jun 18, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-1060
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
python / python	2.7.0	2.7.15
python / python	3.5.0	3.5.6
python / python	3.0.0	3.4.9
python / python	3.6.0.x	3.6.5
fedoraproject / fedora	28	28.x
fedoraproject / fedora	29	29.x
fedoraproject / fedora	30	30.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	18.04	18.04.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / ansible_tower	3.3	3.3.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x

Vulnerability Database

289,599

CVE-2018-1060