Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-09-25T00:00:00
Updated: 2020-07-29T11:06:41
Reserved: 2018-07-27T00:00:00
Link: CVE-2018-14647
JSON object: View
NVD Information
Status : Modified
Published: 2018-09-25T00:29:00.703
Modified: 2023-11-07T02:53:00.167
Link: CVE-2018-14647
JSON object: View
Redhat Information
No data.