Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.

This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
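The wraparound described above, shown as an added illustration that is not CPython's `_pickle.c` code: a table grown to twice an index supplied by the input, first unchecked and then with the overflow and size checks in place. It models a 32-bit size type with `uint32_t`; the names `memo_t`, `grow_unchecked`, `grow_checked`, `memo_put` and the cap `MEMO_MAX_SLOTS` are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MEMO_MAX_SLOTS (1u << 20)  /* assumed policy cap, not a CPython value */
typedef struct { void **slots; uint32_t size; } memo_t;  /* hypothetical table */

/* Flawed pattern: doubling a 32-bit count wraps modulo 2^32, so the
   "new size" can end up smaller than the index it is meant to hold. */
uint32_t grow_unchecked(uint32_t idx) { return (uint32_t)(idx * 2u); }

/* Hardened: refuse when doubling would wrap or exceed the cap. */
bool grow_checked(uint32_t idx, uint32_t *new_size)
{
    if (idx > UINT32_MAX / 2u) return false;   /* idx * 2 would wrap */
    uint32_t n = idx ? idx * 2u : 1u;          /* index 0 still needs one slot */
    if (n > MEMO_MAX_SLOTS) return false;      /* bound memory use */
    *new_size = n;
    return true;
}

/* Store value at idx, growing first when needed. 0 = ok, -1 = refused or OOM. */
int memo_put(memo_t *m, uint32_t idx, void *value)
{
    if (idx >= m->size) {
        uint32_t n;
        if (!grow_checked(idx, &n)) return -1;
        void **p = realloc(m->slots, (size_t)n * sizeof *p);
        if (p == NULL) return -1;
        memset(p + m->size, 0, (size_t)(n - m->size) * sizeof *p);
        m->slots = p;
        m->size = n;
    }
    m->slots[idx] = value;
    return 0;
}

int main(void)
{
    memo_t m = {NULL, 0};
    int v = 7;
    printf("unchecked 0x80000001 -> %u slots\n", (unsigned)grow_unchecked(0x80000001u));
    printf("put idx 3: %d, put idx 0x80000001: %d\n",
           memo_put(&m, 3u, &v), memo_put(&m, 0x80000001u, &v));
    free(m.slots);
    return 0;
}
```

The checked path rejects the oversized index before any allocation, so the table never reaches a state where the stored size is smaller than an index the caller then writes to.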
Name | Vendor | Start Version | End Version |
---|---|---|---|
Python | Python | 3.4.0 (including) | 3.7.1 (excluding) |
Python3.4 | Ubuntu | trusty | * |
Python3.4 | Ubuntu | trusty/esm | * |
Python3.4 | Ubuntu | upstream | * |
Python3.5 | Ubuntu | esm-infra-legacy/trusty | * |
Python3.5 | Ubuntu | trusty | * |
Python3.5 | Ubuntu | trusty/esm | * |
Python3.5 | Ubuntu | xenial | * |
Python3.6 | Ubuntu | bionic | * |
Python3.6 | Ubuntu | cosmic | * |
Python3.6 | Ubuntu | upstream | * |
Python3.7 | Ubuntu | upstream | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-python36-python-0:3.6.9-2.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python36-python-0:3.6.9-2.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-python36-python-0:3.6.9-2.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-python36-python-0:3.6.9-2.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-python36-python-0:3.6.9-2.el7 | * |