{
  "threat_severity" : "Low",
  "public_date" : "2018-03-14T00:00:00Z",
  "bugzilla" : {
    "description" : "python: DoS via regular expression catastrophic backtracking in apop() method in poplib",
    "id" : "1549191",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1549191"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in poplib's apop() method. An attacker could use this flaw to cause denial of service.", "A flaw was found in the apop() method of python's poplib: a regular expression it uses is prone to catastrophic backtracking. An attacker could use this flaw to cause denial of service." ],
  "acknowledgement" : "Red Hat would like to thank the Python security response team for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-10-30T00:00:00Z",
    "advisory" : "RHSA-2018:3041",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "python-0:2.7.5-76.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2020-04-07T00:00:00Z",
    "advisory" : "RHSA-2020:1346",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "python-0:2.7.5-63.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2020-04-07T00:00:00Z",
    "advisory" : "RHSA-2020:1346",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "python-0:2.7.5-63.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2020-04-07T00:00:00Z",
    "advisory" : "RHSA-2020:1346",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "python-0:2.7.5-63.el7_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support",
    "release_date" : "2020-04-01T00:00:00Z",
    "advisory" : "RHSA-2020:1268",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.5",
    "package" : "python-0:2.7.5-74.el7_5"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6",
    "release_date" : "2019-05-22T00:00:00Z",
    "advisory" : "RHSA-2019:1260",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6",
    "package" : "python27-python-0:2.7.16-4.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6",
    "release_date" : "2019-05-22T00:00:00Z",
    "advisory" : "RHSA-2019:1260",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6",
    "package" : "python27-python-jinja2-0:2.6-12.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6",
    "release_date" : "2019-11-06T00:00:00Z",
    "advisory" : "RHSA-2019:3725",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6",
    "package" : "rh-python36-python-0:3.6.9-2.el6"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2019-05-22T00:00:00Z",
    "advisory" : "RHSA-2019:1260",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "python27-python-0:2.7.16-4.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2019-05-22T00:00:00Z",
    "advisory" : "RHSA-2019:1260",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "python27-python-jinja2-0:2.6-15.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2019-11-06T00:00:00Z",
    "advisory" : "RHSA-2019:3725",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-python36-python-0:3.6.9-2.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
    "release_date" : "2019-05-22T00:00:00Z",
    "advisory" : "RHSA-2019:1260",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "python27-python-0:2.7.16-4.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS",
    "release_date" : "2019-05-22T00:00:00Z",
    "advisory" : "RHSA-2019:1260",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "python27-python-jinja2-0:2.6-15.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
    "release_date" : "2019-05-22T00:00:00Z",
    "advisory" : "RHSA-2019:1260",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "python27-python-0:2.7.16-4.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
    "release_date" : "2019-05-22T00:00:00Z",
    "advisory" : "RHSA-2019:1260",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "python27-python-jinja2-0:2.6-15.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
    "release_date" : "2019-11-06T00:00:00Z",
    "advisory" : "RHSA-2019:3725",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-python36-python-0:3.6.9-2.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2019-05-22T00:00:00Z",
    "advisory" : "RHSA-2019:1260",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "python27-python-0:2.7.16-4.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2019-05-22T00:00:00Z",
    "advisory" : "RHSA-2019:1260",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "python27-python-jinja2-0:2.6-15.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2019-11-06T00:00:00Z",
    "advisory" : "RHSA-2019:3725",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-python36-python-0:3.6.9-2.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS",
    "release_date" : "2019-11-06T00:00:00Z",
    "advisory" : "RHSA-2019:3725",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-python36-python-0:3.6.9-2.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "python",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "rh-python34-python",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Fix deferred",
    "package_name" : "rh-python35-python",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-1060\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1060\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final" ],
  "name" : "CVE-2018-1060",
  "csaw" : false
}