VDB

ALPINE-CVE-2018-1060

ALPINE-CVE-2018-1060 PUBLISHED CVSS 7.5 HIGH

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Alpine:v3.9python20, 2.7.9-r4, 2.7.9-r3
Alpine:v3.6python22.7.8-r0, 2.7.9-r4, 2.7.9-r3
Alpine:v3.12python22.6.1-r0, 2.7.9-r4, 2.7.9-r3
Alpine:v3.10python22.7.3-r5, 2.7.3-r4, 2.7.3-r5
Alpine:v3.8python33.5.1-r3, 3.5.0-r0, 3.4.3-r2
Alpine:v3.5python22.7.6-r1, 2.7.6-r0, 2.7.5-r2
Alpine:v3.7python20, 2.7.6-r1, 2.7.9-r4
Alpine:v3.6python33.6.1-r2, 3.6.1-r3, 3.3.3-r0
Alpine:v3.5python33.5.1-r0, 3.5.2-r9, 3.5.2-r8
Alpine:v3.11python22.7.11-r4, 2.7.11-r5, 2.7.12-r0
Alpine:v3.7python33.6.2-r0, 3.6.3-r9, 3.6.3-r8

Timeline

  • Jun 18, 2018 CVE Published
  • Nov 19, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›