Home CVE Database CVE-2018-14647

CVE-2018-14647

Description

Python\'s elementtree C accelerator failed to initialise Expat\'s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat\'s internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable.

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Sep 24, 2018
Related ID: --
CVSS v2: HIGH
Modified Date: Sep 30, 2018

Find out more about CVE-2018-14647 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

python

Live chat
Online