High severity7.5NVD Advisory· Published Jun 18, 2018· Updated Jun 17, 2026
CVE-2018-1060
CVE-2018-1060
Description
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
71- Range: <2.7.15 or <3.4.9 or <3.5.6rc1 or <3.6.5rc1 or <3.7.0
- osv-coords70 versionspkg:rpm/opensuse/python36&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python3-base&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/python3&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/python&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python36-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python36-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python36&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python36&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/python&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 3.6.15-1.1+ 69 more
- (no CPE)range: < 3.6.15-1.1
- (no CPE)range: < 3.6.10-lp151.6.7.1
- (no CPE)range: < 3.6.10-lp151.6.7.1
- (no CPE)range: < 2.7.18-8.1
- (no CPE)range: < 3.6.10-4.3.5
- (no CPE)range: < 3.6.10-4.3.5
- (no CPE)range: < 3.6.10-4.3.5
- (no CPE)range: < 3.6.10-4.3.5
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6-8.40.15.1
- (no CPE)range: < 2.6-8.40.15.1
- (no CPE)range: < 2.6-8.40.15.1
- (no CPE)range: < 2.6-8.40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6-8.40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6-8.40.15.1
Patches
Vulnerability mechanics
References
22- bugs.python.org/issue32981nvdExploitIssue TrackingVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlnvdMailing ListThird Party Advisory
- www.securitytracker.com/id/1042001nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHBA-2019:0327nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3041nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3505nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:1260nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:3725nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- docs.python.org/3.5/whatsnew/changelog.htmlnvdProductVendor Advisory
- docs.python.org/3.6/whatsnew/changelog.htmlnvdProductVendor Advisory
- lists.debian.org/debian-lts-announce/2018/09/msg00030.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/09/msg00031.htmlnvdMailing ListThird Party Advisory
- support.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- usn.ubuntu.com/3817-1/nvdThird Party Advisory
- usn.ubuntu.com/3817-2/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4306nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4307nvdThird Party Advisory
- www.oracle.com/security-alerts/cpujan2020.htmlnvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/nvd
News mentions
0No linked articles in our index yet.