Description

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.

Remediation

References

CVE-2018-20406

Related Vulnerabilities

Oracle Database Server CVE-2009-1973 Vulnerability (CVE-2009-1973)

WordPress Plugin Uji Countdown Cross-Site Scripting (2.2)

WordPress Plugin MP3-jPlayer Multiple Cross-Site Request Forgery Vulnerabilities (2.7.3)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.13)

WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (2.2.2)

Severity

High

Classification

CVE-2018-20406 CWE-190 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities