CVE-2018-14647

Name
CVE-2018-14647
Description
Python's elementtree C accelerator failed to initialise Expat's hash salt during parser initialisation. This makes it easy to conduct denial-of-service attacks against Expat by constructing an XML document that causes pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, and 2.7.0 through 2.7.15.
NVD Severity
medium

References

Type                  URI
Issue Tracking        https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647
Issue Tracking        https://bugs.python.org/issue34623
Third Party Advisory  http://www.securityfocus.com/bid/105396
Third Party Advisory  https://www.debian.org/security/2018/dsa-4306
Third Party Advisory  https://www.debian.org/security/2018/dsa-4307
Third Party Advisory  http://www.securitytracker.com/id/1041740
Third Party Advisory  https://usn.ubuntu.com/3817-1/
Third Party Advisory  https://usn.ubuntu.com/3817-2/
Third Party Advisory  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/
Third Party Advisory  https://access.redhat.com/errata/RHSA-2019:1260
Mailing List          https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html
Mailing List          https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
Third Party Advisory  https://access.redhat.com/errata/RHSA-2019:2030
Third Party Advisory  https://access.redhat.com/errata/RHSA-2019:3725
Mailing List          http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Mailing List          https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

Match rules

CPE URI                                           Source package  Min version  Max version
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*           python          >= 2.7.0     <= 2.7.15
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*           python          >= 3.4.0     <= 3.4.9
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*           python          >= 3.5.0     <= 3.5.6
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*           python          >= 3.6.0     <= 3.6.6
cpe:2.3:a:python:python:3.7.0:*:*:*:*:*:*:*       python          None         == 3.7.0

Vulnerable and fixed packages

Source package  Branch          Version    Maintainer  Status
python2         edge-community  2.7.16-r0  None        fixed
python2         3.12-main       2.7.16-r0  None        fixed
python2         3.11-main       2.7.16-r0  None        fixed
python2         3.10-main       2.7.16-r0  None        fixed