CVE-2018-1061

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

Published: Jun 19, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-1061
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
python / python	-	2.7.15
python / python	3.0	3.4.9
python / python	3.6	3.6.4.x
python / python	3.5.0	3.5.5.x
python / python	3.7.0-alpha1	3.7.0-alpha1.x
python / python	3.7.0-alpha2	3.7.0-alpha2.x
python / python	3.7.0-alpha3	3.7.0-alpha3.x
python / python	3.7.0-alpha4	3.7.0-alpha4.x
python / python	3.7.0-beta1	3.7.0-beta1.x
python / python	3.7.0-beta2	3.7.0-beta2.x
python / python	3.7.0-beta3	3.7.0-beta3.x
python / python	3.7.0-beta4	3.7.0-beta4.x
python / python	3.7.0-beta5	3.7.0-beta5.x
python / python	3.7.0-rc1	3.7.0-rc1.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / ansible_tower	3.3	3.3.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	18.04	18.04.x
fedoraproject / fedora	28	28.x
fedoraproject / fedora	29	29.x
fedoraproject / fedora	30	30.x

Vulnerability Database

300,444

CVE-2018-1061

Deep Security Visibility Without the Complexity