vulnerability

Oracle Solaris 11: CVE-2018-20406: Vulnerability in Python 3.4, Python 3.5, Python 3.7

Try Surface Command
Back to search
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
2018-12-23
Added
2019-08-21
Modified
2022-02-17

Description

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Solution(s)

oracle-solaris-11-3-upgrade-library-python-tkinter-34-3-4-10-0-175-3-36-0-26-0oracle-solaris-11-3-upgrade-runtime-python-34-3-4-10-0-175-3-36-0-26-0oracle-solaris-11-4-upgrade-library-python-tkinter-27-2-7-16-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-library-python-tkinter-34-3-4-10-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-library-python-tkinter-35-3-5-7-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-library-python-tkinter-37-3-7-4-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-runtime-python-27-2-7-16-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-runtime-python-27-tests-2-7-16-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-runtime-python-34-3-4-10-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-runtime-python-35-3-5-7-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-runtime-python-37-3-7-4-11-4-12-0-1-3-0

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today