VulnerableCode Package Details - pkg:deb/ubuntu/python3.4@3.4.3-1ubuntu1~14.04.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-5uf2-rsr8-aaaq Aliases: CVE-2018-1060	python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.	3.4.3-1ubuntu1~14.04.7 Affected by 0 other vulnerabilities.
VCID-t9r7-bftk-aaab Aliases: CVE-2018-1061	python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.	3.4.3-1ubuntu1~14.04.7 Affected by 0 other vulnerabilities.
VCID-tw36-yrrr-aaam Aliases: CVE-2018-14647	Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.	3.4.3-1ubuntu1~14.04.7 Affected by 0 other vulnerabilities.
VCID-x6nm-wmxr-aaad Aliases: CVE-2018-1000802	Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.	3.4.3-1ubuntu1~14.04.7 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5uf2-rsr8-aaaq
Aliases:
CVE-2018-1060

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

3.4.3-1ubuntu1~14.04.7
Affected by 0 other vulnerabilities.

VCID-t9r7-bftk-aaab
Aliases:
CVE-2018-1061

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

3.4.3-1ubuntu1~14.04.7
Affected by 0 other vulnerabilities.

VCID-tw36-yrrr-aaam
Aliases:
CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

3.4.3-1ubuntu1~14.04.7
Affected by 0 other vulnerabilities.

VCID-x6nm-wmxr-aaad
Aliases:
CVE-2018-1000802

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.

3.4.3-1ubuntu1~14.04.7
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-xjag-yukv-aaae	CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)	CVE-2017-1000158

Vulnerability

Summary

Aliases

VCID-xjag-yukv-aaae

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

CVE-2017-1000158

Next non-vulnerable version	3.4.3-1ubuntu1~14.04.7
Latest non-vulnerable version	3.4.3-1ubuntu1~14.04.7
Risk	4.5