Medium severity6.5NVD Advisory· Published Jun 19, 2018· Updated Jun 17, 2026
CVE-2018-1061
CVE-2018-1061
Description
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
67- Range: <2.7.15, <3.4.9, <3.5.6rc1, <3.6.5rc1, <3.7.0
- osv-coords66 versionspkg:rpm/opensuse/python36&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python3-base&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/python3&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/python&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/python&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 3.6.15-1.1+ 65 more
- (no CPE)range: < 3.6.15-1.1
- (no CPE)range: < 3.6.10-lp151.6.7.1
- (no CPE)range: < 3.6.10-lp151.6.7.1
- (no CPE)range: < 2.7.18-8.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 3.4.6-25.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6.9-40.15.1
- (no CPE)range: < 2.6-8.40.15.1
- (no CPE)range: < 2.6-8.40.15.1
- (no CPE)range: < 2.6-8.40.15.1
- (no CPE)range: < 2.6-8.40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6-8.40.15.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.7.13-28.16.1
- (no CPE)range: < 2.6-8.40.15.1
Patches
Vulnerability mechanics
References
21- www.securitytracker.com/id/1042001nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHBA-2019:0327nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3041nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3505nvdThird Party Advisory
- bugs.python.org/issue32981nvdVendor Advisory
- docs.python.org/3.5/whatsnew/changelog.htmlnvdVendor Advisory
- docs.python.org/3.6/whatsnew/changelog.htmlnvdVendor Advisory
- lists.debian.org/debian-lts-announce/2018/09/msg00030.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/09/msg00031.htmlnvdMailing ListThird Party Advisory
- usn.ubuntu.com/3817-1/nvdThird Party Advisory
- usn.ubuntu.com/3817-2/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4306nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4307nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlnvd
- access.redhat.com/errata/RHSA-2019:1260nvd
- access.redhat.com/errata/RHSA-2019:3725nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/nvd
- support.hpe.com/hpsc/doc/public/displaynvd
News mentions
0No linked articles in our index yet.