Description

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.

Remediation

References

CVE-2018-20406

Related Vulnerabilities

MySQL CVE-2015-0506 Vulnerability (CVE-2015-0506)

Moodle CVE-2019-3852 Vulnerability (CVE-2019-3852)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16197)

Moodle Other Vulnerability (CVE-2012-2366)

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2024-38023)

Severity

High

Classification

CVE-2018-20406 CWE-190 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities