PT-2018-1947 · Python+7

Pedro Sampaio · Published 2018-09-10 · Updated 2024-07-11 · CVE-2018-14647

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15

Description
The issue is related to Python's elementtree C accelerator failing to initialize Expat's hash salt during initialization. This could facilitate denial of service attacks against Expat by constructing an XML document that causes pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. The vulnerability can be exploited by an attacker using a specially crafted XML document to cause a denial of service.

Recommendations
For Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
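
As an added example (not part of the original advisory or of the Python project's code), the following triage helper checks reported version strings against the affected ranges listed above. The classification labels, function names and sample inventory are constructed for illustration; it assumes upstream `major.minor.micro` numbering and marks suffixed builds for manual review, because vendor packages can carry a backported fix under an unchanged upstream version.

```python
import re
import sys

# Affected upstream ranges as listed in this advisory: (first, last), inclusive.
AFFECTED_RANGES = [
    ((2, 7, 0), (2, 7, 15)),
    ((3, 4, 0), (3, 4, 9)),
    ((3, 5, 0), (3, 5, 6)),
    ((3, 6, 0), (3, 6, 6)),
    ((3, 7, 0), (3, 7, 0)),
]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")

def classify(version_text):
    """Return 'affected', 'review', 'not-listed' or 'unparseable' (labels are this example's own)."""
    match = _VERSION_RE.match(version_text.strip())
    if match is None:
        return "unparseable"
    version = tuple(int(part) for part in match.groups()[:3])
    suffix = match.group(4)
    if not any(low <= version <= high for low, high in AFFECTED_RANGES):
        return "not-listed"
    # Pre-release or distro suffix: the upstream number alone cannot decide,
    # since vendors backport fixes without bumping it. Check the vendor advisory.
    return "review" if suffix else "affected"

def triage(inventory):
    """Group host names by the classification of their reported Python version."""
    groups = {}
    for host, version_text in sorted(inventory.items()):
        groups.setdefault(classify(version_text), []).append(host)
    return groups

# Constructed sample inventory (host names and versions are illustrative only).
SAMPLE_INVENTORY = {
    "build-01": "3.6.5",
    "web-02": "2.7.5-86.el7",
    "api-03": "3.7.1",
    "batch-04": "3.4.10",
    "legacy-05": "python2",
}

if __name__ == "__main__":
    running = "{}.{}.{}".format(*sys.version_info[:3])
    print("this interpreter:", running, "->", classify(running))
    for label, hosts in triage(SAMPLE_INVENTORY).items():
        print(label, hosts)
```

Hosts in the `review` group should be checked against the distribution advisory for their package (several are listed under the related identifiers) rather than the upstream version number.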

Exploit

DoS

Improper Initialization

Improper Resource Release

Weakness Enumeration

Related identifiers

ALT-PU-2019-1149
ALT-PU-2019-1565
BDU:2018-01554
CESA-2019_2030
CVE-2018-14647
DLA-1834-1
DLA-1835-1
DSA-4306-1
DSA-4307-1
MGASA-2018-0495
MGASA-2019-0135
OPENSUSE-SU-2019_0292-1
OPENSUSE-SU-2020:0086-1
OPENSUSE-SU-2020_0086-1
OPENSUSE-SU-2024:11202-1
OPENSUSE-SU-2024:11284-1
PSF-2018-5
RHSA-2019:1260
RHSA-2019:2030
RHSA-2019:3725
RHSA-2019_2030
RHSA-2020:1268
RHSA-2020:1346
RHSA-2020:1462
SUSE-SU-2018:3156-1
SUSE-SU-2018_3156-1
SUSE-SU-2019:0482-1
SUSE-SU-2019:0482-2
SUSE-SU-2019:2053-1
SUSE-SU-2019:2053-2
SUSE-SU-2019_0482-1
SUSE-SU-2019_0482-2
SUSE-SU-2020:0114-1
SUSE-SU-2020:0234-1
SUSE-SU-2020:2699-1
SUSE-SU-2020_2699-1
USN-3817-1
USN-3817-2
USN-6891-1

Affected products

ALT Linux
CentOS
Expat
Linux Mint
Python
Red Hat
SUSE
Ubuntu