CVE-2018-1061

HIGH7.5EPSS 1.8%

Published: 6/19/2018Modified: 11/19/2025

Also known as:ALPINE-CVE-2018-1061DEBIAN-CVE-2018-1061

Description

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

Affected packages (3)

Alpine/python2from 0, < 2.7.15-r0
Alpine/python3from 0, < 3.5.6-r0
Debian/python2.7from 0, < 2.7.14-7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-1061
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-1061