CVE-2018-14647
Description
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, and 2.7.0 through 2.7.15.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 1.634
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2018-1061,CVE-2018-14647,CVE-2018-20406 are affected in Python 3.7.0 | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.15 | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.11 | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 11.1 | Windows |
| An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.6-8ubuntu0.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.6-8ubuntu0.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.6-8ubuntu0.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.6-8ubuntu0.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7_2.7.6-8ubuntu0.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7_2.7.6-8ubuntu0.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7_2.7.15~rc1-1ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7_2.7.15~rc1-1ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7_2.7.12-1ubuntu0~16.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7_2.7.12-1ubuntu0~16.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python3.4_3.4.3-1ubuntu1~14.04.7_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python3.4_3.4.3-1ubuntu1~14.04.7_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python3.5_3.5.2-2ubuntu0~16.04.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python3.5_3.5.2-2ubuntu0~16.04.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7-minimal_2.7.6-8ubuntu0.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7-minimal_2.7.6-8ubuntu0.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7-minimal_2.7.15~rc1-1ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7-minimal_2.7.15~rc1-1ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python3.4-minimal_3.4.3-1ubuntu1~14.04.7_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python3.4-minimal_3.4.3-1ubuntu1~14.04.7_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3817-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.5_amd64.deb | Linux |
| python2.7 security update(DSA-4306-1) python2.7_2.7.13-2+deb9u3_i386.deb | Linux |
| python2.7 security update(DSA-4306-1) python2.7_2.7.13-2+deb9u3_amd64.deb | Linux |
| python3.5 security update(DSA-4307-1) python3.5_3.5.3-1+deb9u1_i386.deb | Linux |
| python3.5 security update(DSA-4307-1) python3.5_3.5.3-1+deb9u1_amd64.deb | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) libpython2_6-1_0-2.6.9-40.21.1.i586.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) libpython2_6-1_0-2.6.9-40.21.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) libpython2_6-1_0-32bit-2.6.9-40.21.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-2.6.9-40.21.2.i586.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-2.6.9-40.21.2.x86_64.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-32bit-2.6.9-40.21.2.x86_64.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-base-2.6.9-40.21.1.i586.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-base-2.6.9-40.21.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-base-32bit-2.6.9-40.21.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-curses-2.6.9-40.21.2.i586.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-curses-2.6.9-40.21.2.x86_64.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-demo-2.6.9-40.21.2.i586.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-demo-2.6.9-40.21.2.x86_64.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-doc-2.6-8.40.21.1.noarch.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-doc-pdf-2.6-8.40.21.1.noarch.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-gdbm-2.6.9-40.21.2.i586.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-gdbm-2.6.9-40.21.2.x86_64.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-idle-2.6.9-40.21.2.i586.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-idle-2.6.9-40.21.2.x86_64.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-tk-2.6.9-40.21.2.i586.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-tk-2.6.9-40.21.2.x86_64.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-xml-2.6.9-40.21.1.i586.rpm | Linux |
| SUSE-SU-2018:3156-1(SUSE Linux Enterprise Server 11-SP4 ) python-xml-2.6.9-40.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP4 ) libpython2_7-1_0-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) libpython2_7-1_0-32bit-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) libpython2_7-1_0-debuginfo-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) libpython2_7-1_0-debuginfo-32bit-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-base-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-base-debuginfo-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-base-debuginfo-32bit-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-base-debugsource-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-curses-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-curses-debuginfo-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-debuginfo-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-debugsource-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-devel-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-tk-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-tk-debuginfo-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-xml-2.7.13-28.21.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0482-1(SUSE Linux Enterprise Desktop 12-SP3 ) python-xml-debuginfo-2.7.13-28.21.1.x86_64.rpm | Linux |
| (RHSA-2019:2030) python security and bug fix update python-2.7.5-86.el7.x86_64.rpm | Linux |
| (RHSA-2019:2030) python security and bug fix update python-debug-2.7.5-86.el7.x86_64.rpm | Linux |
| (RHSA-2019:2030) python security and bug fix update python-devel-2.7.5-86.el7.x86_64.rpm | Linux |
| (RHSA-2019:2030) python security and bug fix update python-libs-2.7.5-86.el7.i686.rpm | Linux |
| (RHSA-2019:2030) python security and bug fix update python-libs-2.7.5-86.el7.x86_64.rpm | Linux |
| (RHSA-2019:2030) python security and bug fix update python-test-2.7.5-86.el7.x86_64.rpm | Linux |
| (RHSA-2019:2030) python security and bug fix update python-tools-2.7.5-86.el7.x86_64.rpm | Linux |
| (RHSA-2019:2030) python security and bug fix update tkinter-2.7.5-86.el7.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) libpython3_4m1_0-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) libpython3_4m1_0-32bit-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) libpython3_4m1_0-debuginfo-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) libpython3_4m1_0-debuginfo-32bit-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) python3-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) python3-base-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) python3-base-debuginfo-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) python3-base-debuginfo-32bit-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) python3-base-debugsource-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) python3-curses-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) python3-curses-debuginfo-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) python3-debuginfo-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) python3-debugsource-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) python3-tk-3.4.6-25.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2053-1(SUSE Linux Enterprise Server 12-SP5) python3-tk-debuginfo-3.4.6-25.29.1.x86_64.rpm | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_i386.deb | Linux |
| Missing Initialization of Resource Vulnerability (CVE-2018-14647) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234