VDB
ALPINE-CVE-2018-1060
ALPINE-CVE-2018-1060
PUBLISHED
CVSS 7.5 HIGH
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.9 | python2 | 0, 2.7.9-r4, 2.7.9-r3 |
| Alpine:v3.6 | python2 | 2.7.8-r0, 2.7.9-r4, 2.7.9-r3 |
| Alpine:v3.12 | python2 | 2.6.1-r0, 2.7.9-r4, 2.7.9-r3 |
| Alpine:v3.10 | python2 | 2.7.3-r5, 2.7.3-r4, 2.7.3-r5 |
| Alpine:v3.8 | python3 | 3.5.1-r3, 3.5.0-r0, 3.4.3-r2 |
| Alpine:v3.5 | python2 | 2.7.6-r1, 2.7.6-r0, 2.7.5-r2 |
| Alpine:v3.7 | python2 | 0, 2.7.6-r1, 2.7.9-r4 |
| Alpine:v3.6 | python3 | 3.6.1-r2, 3.6.1-r3, 3.3.3-r0 |
| Alpine:v3.5 | python3 | 3.5.1-r0, 3.5.2-r9, 3.5.2-r8 |
| Alpine:v3.11 | python2 | 2.7.11-r4, 2.7.11-r5, 2.7.12-r0 |
| Alpine:v3.7 | python3 | 3.6.2-r0, 3.6.3-r9, 3.6.3-r8 |
Timeline
- Jun 18, 2018 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch