{"id":"CVE-2018-20406","details":"Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.","aliases":["PSF-2018-6"],"modified":"2026-05-18T12:01:13.715404558Z","published":"2018-12-23T23:29:00.307Z","related":["SUSE-SU-2019:0215-1","SUSE-SU-2019:0243-1","SUSE-SU-2019:0243-2","SUSE-SU-2019:14246-1","SUSE-SU-2020:0114-1","openSUSE-SU-2019:0155-1","openSUSE-SU-2020:0086-1","openSUSE-SU-2024:11284-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.0"}],"vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"28"},{"last_affected":"29"},{"last_affected":"30"}],"cpes":["cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"],"source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/"},{"type":"WEB","url":"https://usn.ubuntu.com/4127-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4127-2/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3725"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190416-0010/"},{"type":"FIX","url":"https://bugs.python.org/issue34656"},{"type":"FIX","url":"https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"3101b7076270756f8be699358c69c5d15ea2cc48"},{"fixed":"260ec2c36abd73bac51489108409160427979ede"},{"fixed":"a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd"}],"database_specific":{"extracted_events":[{"introduced":"3.4.0"},{"fixed":"3.7.1"}],"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20406.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}