CVE-2018-14647 Vulnerability Details


CVE-2018-14647 Metadata Quick Info

CVE Published: 25/09/2018 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: redhat | Vendor: The Python Project | Product: Python
Status: PUBLISHED

CVE-2018-14647 Description

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-665
CWE Name: CWE-665
Source: The Python Project

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).