CVE-2018-1000030

Priority
Description
Python 2.7.14 is vulnerable to a heap buffer overflow as well as a
heap use-after-free. Python versions prior to 2.7.14 may also be vulnerable,
and it appears that Python 2.7.17 and prior may also be vulnerable; however,
this has not been confirmed. The vulnerability arises when multiple threads
are handling large amounts of data. In both cases there is essentially a
race condition. For the heap buffer overflow, Thread 2 is creating the size
for a buffer, but Thread 1 is already writing to the buffer without knowing
how much to write. So when a large amount of data is being processed, it is
very easy to cause memory corruption using a heap buffer overflow. As for
the use-after-free, the sequence is: Thread 3 mallocs, Thread 1 frees, and
Thread 2 re-uses the freed memory. The PSRT has stated that this is not a
security vulnerability because the attacker must be able to run code;
however, in some situations, such as function as a service, this
vulnerability can potentially be used by an attacker to violate a trust
boundary, and as such the DWF feels this issue deserves a CVE.
Notes
 mdeslaur> original fix caused a regression, see second commit
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.7.3-0ubuntu3.11)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.7.6-8ubuntu0.5)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.7.12-1ubuntu0~16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.7.15~rc1-1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (2.7.15~rc1-1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.7.15~rc1-1)
Patches:
Upstream:https://github.com/python/cpython/commit/6401e5671781eb217ee1afb4603cc0d1b0367ae6
Upstream:https://github.com/python/cpython/commit/dbf52e02f18dac6f5f0a64f78932f3dc6efc056b
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:not-affected
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
More Information

Updated: 2018-11-15 17:14:55 UTC (commit 38bef43542b89f7c2f580d6ea1e32826421f607e)