python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Python | Python | * | 2.7.15 (excluding) |
| Python | Python | 3.0 (including) | 3.4.9 (excluding) |
| Python | Python | 3.5.0 (including) | 3.5.5 (including) |
| Python | Python | 3.6 (including) | 3.6.4 (including) |
| Python | Python | 3.7.0-alpha1 (including) | 3.7.0-alpha1 (including) |
| Python | Python | 3.7.0-alpha2 (including) | 3.7.0-alpha2 (including) |
| Python | Python | 3.7.0-alpha3 (including) | 3.7.0-alpha3 (including) |
| Python | Python | 3.7.0-alpha4 (including) | 3.7.0-alpha4 (including) |
| Python | Python | 3.7.0-beta1 (including) | 3.7.0-beta1 (including) |
| Python | Python | 3.7.0-beta2 (including) | 3.7.0-beta2 (including) |
| Python | Python | 3.7.0-beta3 (including) | 3.7.0-beta3 (including) |
| Python | Python | 3.7.0-beta4 (including) | 3.7.0-beta4 (including) |
| Python | Python | 3.7.0-beta5 (including) | 3.7.0-beta5 (including) |
| Python | Python | 3.7.0-rc1 (including) | 3.7.0-rc1 (including) |