Vulnerability-Lookup

BDU:2019-04237

Vulnerability from fstec - Published: 19.07.2018

Title

Уязвимость метода pop3lib apop() интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость метода pop3lib apop() интерпретатора языка программирования Python существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Canonical Ltd., Сообщество свободного программного обеспечения, Fedora Project, ООО «РусБИТех-Астра», Red Hat Inc., Python Software Foundation, Oracle Corp.

Software Name

Ubuntu, Debian GNU/Linux, Fedora, Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, Ansible Tower, Python, Sun ZFS Storage Appliance Kit

Software Version

14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 28 (Fedora), 1.6 «Смоленск» (Astra Linux Special Edition), 29 (Fedora), 12.04 ESM (Ubuntu), Server 7.0 (Red Hat Enterprise Linux), Desktop 7.0 (Red Hat Enterprise Linux), Workstation 7.0 (Red Hat Enterprise Linux), 3.3 (Ansible Tower), 30 (Fedora), 8 (Debian GNU/Linux), до 2.7.15 (Python), от 3.0 до 3.4.9 (Python), от 3.5.0 до 3.5.5 (Python), от 3.6.0 до 3.6.4 (Python), от 3.6.5 до 3.7.0 (Python), 8.8.6 (Sun ZFS Storage Appliance Kit)

Possible Mitigations

Использование рекомендаций: Для Astra Linux: https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734 Для программных продутов Python Software Foundation: https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1 https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1 Для Debian GNU/Linux: https://www.debian.org/security/2018/dsa-4306 https://www.debian.org/security/2018/dsa-4307 https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html Для программных продутов Red Hat Inc.: https://access.redhat.com/errata/RHSA-2018:3041 https://access.redhat.com/security/cve/cve-2018-1060 Для Ubuntu: https://usn.ubuntu.com/3817-1/ https://usn.ubuntu.com/3817-2/ Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ Для программных продутов Оracle Corp.: https://www.oracle.com/security-alerts/cpujan2020.html

Reference

https://www.cvedetails.com/cve/CVE-2018-1060/?q=CVE-2018-1060 https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734 https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1 https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1 https://www.debian.org/security/2018/dsa-4306 https://www.debian.org/security/2018/dsa-4307 https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html https://access.redhat.com/errata/RHSA-2018:3041 https://access.redhat.com/security/cve/cve-2018-1060 https://usn.ubuntu.com/3817-1/ https://usn.ubuntu.com/3817-2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ https://nvd.nist.gov/vuln/detail/CVE-2018-1060 https://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html https://www.oracle.com/security-alerts/cpujan2020.html

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Python Software Foundation, Oracle Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 28 (Fedora), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 29 (Fedora), 12.04 ESM (Ubuntu), Server 7.0 (Red Hat Enterprise Linux), Desktop 7.0 (Red Hat Enterprise Linux), Workstation 7.0 (Red Hat Enterprise Linux), 3.3 (Ansible Tower), 30 (Fedora), 8 (Debian GNU/Linux), \u0434\u043e 2.7.15 (Python), \u043e\u0442 3.0 \u0434\u043e 3.4.9 (Python), \u043e\u0442 3.5.0 \u0434\u043e 3.5.5 (Python), \u043e\u0442 3.6.0 \u0434\u043e 3.6.4 (Python), \u043e\u0442 3.6.5 \u0434\u043e 3.7.0 (Python), 8.8.6 (Sun ZFS Storage Appliance Kit)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u0442\u043e\u0432 Python Software Foundation: \nhttps://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://www.debian.org/security/2018/dsa-4306\nhttps://www.debian.org/security/2018/dsa-4307\nhttps://lists.debian.org/debian-lts-announce/2018/09/msg00031.html\nhttps://lists.debian.org/debian-lts-announce/2018/09/msg00030.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2018:3041\nhttps://access.redhat.com/security/cve/cve-2018-1060\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/3817-1/\nhttps://usn.ubuntu.com/3817-2/\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u0442\u043e\u0432 \u041eracle Corp.:\nhttps://www.oracle.com/security-alerts/cpujan2020.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.07.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.02.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.11.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04237",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-1060",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Fedora, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Ansible Tower, Python, Sun ZFS Storage Appliance Kit",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Fedora Project Fedora 28 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora Project Fedora 29 , Canonical Ltd. Ubuntu 12.04 ESM , Red Hat Inc. Red Hat Enterprise Linux Server 7.0 , Red Hat Inc. Red Hat Enterprise Linux Desktop 7.0 , Red Hat Inc. Red Hat Enterprise Linux Workstation 7.0 , Fedora Project Fedora 30 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 pop3lib apop() \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Python, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 pop3lib apop() \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Python \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cvedetails.com/cve/CVE-2018-1060/?q=CVE-2018-1060\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734\nhttps://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1\nhttps://www.debian.org/security/2018/dsa-4306\nhttps://www.debian.org/security/2018/dsa-4307\nhttps://lists.debian.org/debian-lts-announce/2018/09/msg00031.html\nhttps://lists.debian.org/debian-lts-announce/2018/09/msg00030.html\nhttps://access.redhat.com/errata/RHSA-2018:3041\nhttps://access.redhat.com/security/cve/cve-2018-1060\nhttps://usn.ubuntu.com/3817-1/\nhttps://usn.ubuntu.com/3817-2/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1060\nhttps://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html\nhttps://www.oracle.com/security-alerts/cpujan2020.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2018-1060 (GCVE-0-2018-1060)

Vulnerability from cvelistv5 – Published: 2018-06-18 14:00 – Updated: 2024-08-05 03:44

Summary

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

CWE-20

Assigner

redhat

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4306	vendor-advisoryx_refsource_DEBIAN
	http://www.securitytracker.com/id/1042001	vdb-entryx_refsource_SECTRACK
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://bugs.python.org/issue32981	x_refsource_CONFIRM
	https://usn.ubuntu.com/3817-2/	vendor-advisoryx_refsource_UBUNTU
	https://docs.python.org/3.6/whatsnew/changelog.ht…	x_refsource_CONFIRM
	https://docs.python.org/3.5/whatsnew/changelog.ht…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:3505	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:3041	vendor-advisoryx_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4307	vendor-advisoryx_refsource_DEBIAN
	https://usn.ubuntu.com/3817-1/	vendor-advisoryx_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://access.redhat.com/errata/RHBA-2019:0327	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1260	vendor-advisoryx_refsource_REDHAT
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:3725	vendor-advisoryx_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	python	Affected: python 2.7.15 Affected: python 3.4.9 Affected: python 3.5.6 Affected: python 3.7.0

Date Public ?

2018-03-14 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:44:12.002Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4306",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4306"
          },
          {
            "name": "1042001",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1042001"
          },
          {
            "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.python.org/issue32981"
          },
          {
            "name": "USN-3817-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3817-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
          },
          {
            "name": "RHSA-2018:3505",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3505"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
          },
          {
            "name": "RHSA-2018:3041",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3041"
          },
          {
            "name": "DSA-4307",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4307"
          },
          {
            "name": "USN-3817-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3817-1/"
          },
          {
            "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
          },
          {
            "name": "FEDORA-2019-6e1938a3c5",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
          },
          {
            "name": "FEDORA-2019-cf725dd20b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
          },
          {
            "name": "FEDORA-2019-51f1e08207",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
          },
          {
            "name": "RHBA-2019:0327",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:0327"
          },
          {
            "name": "RHSA-2019:1260",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1260"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us"
          },
          {
            "name": "RHSA-2019:3725",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3725"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "openSUSE-SU-2020:0086",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "python",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "python 2.7.15"
            },
            {
              "status": "affected",
              "version": "python 3.4.9"
            },
            {
              "status": "affected",
              "version": "python 3.5.6"
            },
            {
              "status": "affected",
              "version": "python 3.7.0"
            }
          ]
        }
      ],
      "datePublic": "2018-03-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-21T21:06:22.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-4306",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4306"
        },
        {
          "name": "1042001",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1042001"
        },
        {
          "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.python.org/issue32981"
        },
        {
          "name": "USN-3817-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3817-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
        },
        {
          "name": "RHSA-2018:3505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3505"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
        },
        {
          "name": "RHSA-2018:3041",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3041"
        },
        {
          "name": "DSA-4307",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4307"
        },
        {
          "name": "USN-3817-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3817-1/"
        },
        {
          "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
        },
        {
          "name": "FEDORA-2019-6e1938a3c5",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
        },
        {
          "name": "FEDORA-2019-cf725dd20b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
        },
        {
          "name": "FEDORA-2019-51f1e08207",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
        },
        {
          "name": "RHBA-2019:0327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:0327"
        },
        {
          "name": "RHSA-2019:1260",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1260"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us"
        },
        {
          "name": "RHSA-2019:3725",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3725"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "openSUSE-SU-2020:0086",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1060",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "python",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "python 2.7.15"
                          },
                          {
                            "version_value": "python 3.4.9"
                          },
                          {
                            "version_value": "python 3.5.6"
                          },
                          {
                            "version_value": "python 3.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4306",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4306"
            },
            {
              "name": "1042001",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1042001"
            },
            {
              "name": "[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html"
            },
            {
              "name": "https://bugs.python.org/issue32981",
              "refsource": "CONFIRM",
              "url": "https://bugs.python.org/issue32981"
            },
            {
              "name": "USN-3817-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3817-2/"
            },
            {
              "name": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1",
              "refsource": "CONFIRM",
              "url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1"
            },
            {
              "name": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1",
              "refsource": "CONFIRM",
              "url": "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1"
            },
            {
              "name": "RHSA-2018:3505",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3505"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060"
            },
            {
              "name": "RHSA-2018:3041",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3041"
            },
            {
              "name": "DSA-4307",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4307"
            },
            {
              "name": "USN-3817-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3817-1/"
            },
            {
              "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html"
            },
            {
              "name": "FEDORA-2019-6e1938a3c5",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"
            },
            {
              "name": "FEDORA-2019-cf725dd20b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"
            },
            {
              "name": "FEDORA-2019-51f1e08207",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"
            },
            {
              "name": "RHBA-2019:0327",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:0327"
            },
            {
              "name": "RHSA-2019:1260",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1260"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03951en_us"
            },
            {
              "name": "RHSA-2019:3725",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3725"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "openSUSE-SU-2020:0086",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-1060",
    "datePublished": "2018-06-18T14:00:00.000Z",
    "dateReserved": "2017-12-04T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:44:12.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-04237

CVE-2018-1060 (GCVE-0-2018-1060)

Tags

Sightings

Nomenclature