CVE-2018-1000802 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-1000802 PUBLISHED

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.

EPSS 27.45% · 96.4th percentile

Risk Scores

EPSS Score

27.45%

96.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	python3.4	3.4~b1-4ubuntu6, 3.4~b1-5ubuntu2, 3.4~b2-1
Ubuntu:14.04:LTS	python2.7	2.7.6-8ubuntu0.2, 2.7.5-8ubuntu3, 2.7.5-8ubuntu4
Ubuntu:18.04:LTS	python2.7	0, 2.7.14-2ubuntu2, 2.7.14-4
Ubuntu:16.04:LTS	python2.7	2.7.11-7, 2.7.11-7ubuntu1, 2.7.12-1~16.04

Timeline

Sep 18, 2018 CVE Published
Apr 14, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Mar 5, 2023 EPSS Score
May 6, 2023 EPSS Score
Sep 7, 2023 EPSS Score
Jan 8, 2024 EPSS Score

References

https://ubuntu.com/security/CVE-2018-1000802 third-party-advisory
https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig third-party-advisory
https://ubuntu.com/security/notices/USN-3817-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3817-2 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2018-1000802 third-party-advisory

Open in Interactive Console →