NVD Vulnerability Detail

CVE-2018-1000030

Summary	Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.
Publication Date	Feb. 9, 2018, 2:29 a.m.
Registration Date	March 1, 2021, 6:39 p.m.
Last Update	Nov. 21, 2024, 12:39 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:python:python::::::::			2.7.14

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Related information, measures and tools

No	URL	タグ
1	https://bugs.python.org/issue31530	Issue Tracking Patch Vendor Advisory
2	https://bugs.python.org/issue31530	Issue Tracking Patch Vendor Advisory
3	https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view	Third Party Advisory
4	https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view	Third Party Advisory
5	https://security.gentoo.org/glsa/201811-02	Third Party Advisory
6	https://security.gentoo.org/glsa/201811-02	Third Party Advisory
7	https://usn.ubuntu.com/3817-1/	Third Party Advisory
8	https://usn.ubuntu.com/3817-1/	Third Party Advisory
9	https://usn.ubuntu.com/3817-2/	Third Party Advisory
10	https://usn.ubuntu.com/3817-2/	Third Party Advisory
11	https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0	Permissions Required
12	https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0	Permissions Required
13	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
14	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html
2	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html

JVN Vulnerability Information

Python におけるバッファエラーの脆弱性

Title	Python におけるバッファエラーの脆弱性
Summary	Python には、バッファエラーの脆弱性、および競合状態に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 2, 2018, midnight
Registration Date	March 28, 2018, 2:40 p.m.
Last Update	March 28, 2018, 2:40 p.m.

Affected System

Python Software Foundation

Python 2.7.14

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-1000030	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030
National Vulnerability Database (NVD)
2	CVE-2018-1000030	https://nvd.nist.gov/vuln/detail/CVE-2018-1000030

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html
2	CWE-362	https://jvndb.jvn.jp/ja/cwe/CWE-362.html

ベンダー情報

No	Name	URL
Python bug tracker
1	Issue31530	https://bugs.python.org/issue31530

Change Log

No	Changed Details	Date of change
1	[2018年03月28日] 掲載	March 28, 2018, 2:40 p.m.