VYPR
High severity7.5NVD Advisory· Published Sep 25, 2018· Updated Jun 17, 2026

CVE-2018-14647

CVE-2018-14647

Description

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

121

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.