RVD icon indicating copy to clipboard operation
RVD copied to clipboard
verified publisher icon aliasrobotics

RVD#1475: Modules/_pickle.c in Python before 3.7.1 has an integer overflow might that can cause memory exhaustion.

Open glerapic opened this issue 5 years ago • 0 comments 

{
    "id": 1475,
    "title": "RVD#1475: Modules/_pickle.c in Python before 3.7.1 has an integer overflow might that can cause memory exhaustion.",
    "type": "vulnerability",
    "description": "Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.",
    "cwe": "CWE-190",
    "cve": "CVE-2018-20406",
    "keywords": [
        "Python"
    ],
    "system": "URx",
    "vendor": "Universal Robots",
    "severity": {
        "rvss-score": 8.7,
        "rvss-vector": "RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:T/S:U/C:N/I:N/A:H/H:N",
        "severity-description": "high",
        "cvss-score": 7.5,
        "cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
    },
    "links": [
        "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20406",
        "https://access.redhat.com/errata/RHSA-2019:3725",
        "https://bugs.python.org/issue34656",
        "https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd",
        "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html",
        "https://security.netapp.com/advisory/ntap-20190416-0010/",
        "https://usn.ubuntu.com/4127-1/",
        "https://usn.ubuntu.com/4127-2/",
        "https://github.com/aliasrobotics/RVD/issues/1475"
    ],
    "flaw": {
        "phase": "exploitation",
        "specificity": "N/A",
        "architectural-location": "application-specific",
        "application": "python",
        "subsystem": "N/A",
        "package": "python2.7-minimal 2.7.3-6+deb7u2 i386",
        "languages": "None",
        "date-detected": null,
        "detected-by": "Victor Mayoral Vilches and Lander Usategui San Juan (Alias Robotics)",
        "detected-by-method": "N/A",
        "date-reported": "2020-04-03",
        "reported-by": "Sam Fowler (Original bug), Alias Robotics S.L.",
        "reported-by-relationship": "Security researcher",
        "issue": "https://github.com/aliasrobotics/RVD/issues/1475",
        "reproducibility": "Always",
        "trace": "N/A",
        "reproduction": "Not available",
        "reproduction-image": "Not available"
    },
    "exploitation": {
        "description": "When serializing Large amounts of data you can perform aninteger overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\".",
        "exploitation-image": "Not available",
        "exploitation-vector": "Not available"
    },
    "mitigation": {
        "description": "sudo apt-get --assume-yes install --only-upgrade python2.7-minimal",
        "pull-request": "https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd",
        "date-mitigation": null
    }
}

glerapic avatar Apr 03 '20 09:04 glerapic