| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.2 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in Python 2.6.8/2.7.6/3.3.3. Affected by this issue is the function readline of the component smtplib. The manipulation results in memory allocation.
This vulnerability was named CVE-2013-1752. There is no available exploit.
It is advisable to upgrade the affected component.
Details
A vulnerability classified as critical has been found in Python 2.6.8/2.7.6/3.3.3 (Programming Language Software). Affected is the function readline of the component smtplib. The manipulation with an unknown input leads to a memory allocation vulnerability. CWE is classifying the issue as CWE-789. The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. This is going to have an impact on availability.
The weakness was presented 09/25/2012 by Christian Heimes as Issue16042 as confirmed bug report (Website). The advisory is shared for download at bugs.python.org. This vulnerability is traded as CVE-2013-1752 since 02/15/2013. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available. The advisory points out:
An erroneous or malicious SMTP server can trick the smtplib module to consume large amounts of memory.
The vulnerability scanner Nessus provides a plugin with the ID 75315 (openSUSE Security Update : python3 (openSUSE-SU-2014:0498-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 350081 (Amazon Linux Security Advisory for python26: ALAS-2015-621).
Upgrading to version 2.6.9 eliminates this vulnerability. The upgrade is hosted for download at hg.python.org. Applying a patch is able to eliminate this problem. The bugfix is ready for download at hg.python.org. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability. The bug report contains the following remark:
The smtplib module should be modified to use limited readline() with _MAXLINE like the httplib module. (…) RFC 821 specifies rather short line lengths between 512 and 1001 chars including the trailing CRLF. A line limit of a couple of kilobyte should definitely work with all standard conform SMTP clients and servers.
The vulnerability is also documented in the databases at Tenable (75315), SecurityFocus (BID 63804†), OSVDB (101381†) and Secunia (SA56226†). Further details are available at secunia.com. See VDB-11629, VDB-11630, VDB-11631 and VDB-11632 for similar entries. Once again VulDB remains the best source for vulnerability data.
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.2
VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Memory allocationCWE: CWE-789 / CWE-400 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 75315
Nessus Name: openSUSE Security Update : python3 (openSUSE-SU-2014:0498-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 65811
OpenVAS Name: VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Python 2.6.9
Patch: hg.python.org
Timeline
09/25/2012 🔍09/25/2012 🔍
02/15/2013 🔍
09/15/2013 🔍
12/27/2013 🔍
12/27/2013 🔍
06/13/2014 🔍
04/30/2019 🔍
Sources
Advisory: Issue16042Researcher: Christian Heimes
Status: Confirmed
CVE: CVE-2013-1752 (🔍)
GCVE (CVE): GCVE-0-2013-1752
GCVE (VulDB): GCVE-100-11628
OVAL: 🔍
SecurityFocus: 63804 - Python 'readline()' Function Denial of Service Vulnerability
Secunia: 56226 - Python Multiple Vulnerabilities, Less Critical
OSVDB: 101381
Misc.: 🔍
See also: 🔍
Entry
Created: 12/27/2013 18:12Updated: 04/30/2019 08:52
Changes: 12/27/2013 18:12 (70), 04/30/2019 08:52 (6)
Complete: 🔍
Cache ID: 216:9B2:103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.