{"id":"PSF-2018-5","summary":"_elementtree C accelerator doesn't call XML_SetHashSalt()","details":"Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.","aliases":["CVE-2018-14647"],"modified":"2025-09-19T01:45:46.988897Z","published":"2018-09-25T00:00:00Z","database_specific":{"cwe_ids":[]},"references":[{"type":"REPORT","url":"https://bugs.python.org/issue34623"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632095"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"18b20bad75b4ff0486940fba4ec680e96e70f3a2"},{"fixed":"41b48e71ac8a71f56694b548f118bd20ce203410"},{"fixed":"470a435f3b42c9be5fdb7f7b04f3df5663ba7305"},{"fixed":"cb5778f00ce48631c7140f33ba242496aaf7102b"},{"fixed":"d16eaf36795da48b930b80b20d3805bc27820712"},{"fixed":"f7666e828cc3d5873136473ea36ba2013d624fa1"}]}],"versions":["2.5","3.2","v0.9.8","v0.9.9","v1.0.1","v1.0.2","v1.1","v1.1.1","v1.2","v1.2b1","v1.2b2","v1.2b3","v1.2b4","v1.3","v1.3b1","v1.4","v1.4b1","v1.4b2","v1.4b3","v1.5","v1.5.1","v1.5.2","v1.5.2a1","v1.5.2a2","v1.5.2b1","v1.5.2b2","v1.5.2c1","v1.5a1","v1.5a2","v1.5a3","v1.5a4","v1.5b1","v1.5b2","v1.6a1","v1.6a2","v2.0","v2.0b1","v2.0b2","v2.0c1","v2.1","v2.1a1","v2.1a2","v2.1b1","v2.1b2","v2.1c1","v2.1c2","v2.2a3","v2.3c1","v2.3c2","v2.4","v2.4a1","v2.4a2","v2.4a3","v2.4b1","v2.4b2","v2.4c1","v2.5","v2.5.1","v2.5.1c1","v2.5.2","v2.5.2c1","v2.5.3","v2.5.3c1","v2.5.4","v2.5.5","v2.5.5c1","v2.5.5c2","v2.5.6","v2.5.6c1","v2.5a0","v2.5a1","v2.5a2","v2.5b1","v2.5b2","v2.5b3","v2.5c1","v2.5c2","v2.6","v2.6.1",
"v2.6.2","v2.6.2c1","v2.6.3","v2.6.3rc1","v2.6.4","v2.6.4rc1","v2.6.4rc2","v2.6.5","v2.6.5rc1","v2.6.5rc2","v2.6.6","v2.6.6rc1","v2.6.6rc2","v2.6.7","v2.6.8","v2.6.8rc1","v2.6.8rc2","v2.6a1","v2.6a2","v2.6a3","v2.6b1","v2.6b2","v2.6b3","v2.6rc1","v2.6rc2","v2.7","v2.7.1","v2.7.1rc1","v2.7.2","v2.7.2rc1","v2.7.3","v2.7.3rc1","v2.7.3rc2","v2.7.4rc1","v2.7a1","v2.7a2","v2.7a3","v2.7a4","v2.7b1","v2.7b2","v2.7rc1","v2.7rc2","v3.0a1","v3.0a2","v3.0a3","v3.0a4","v3.0a5","v3.0b1","v3.0b2","v3.0b3","v3.0rc1","v3.0rc2","v3.0rc3","v3.1","v3.1.1","v3.1.1rc1","v3.1.2","v3.1.2rc1","v3.1.3","v3.1.3rc1","v3.1.4","v3.1.4rc1","v3.1.5","v3.1.5rc1","v3.1.5rc2","v3.1a1","v3.1a2","v3.1b1","v3.1rc1","v3.1rc2","v3.2","v3.2.1","v3.2.1b1","v3.2.1rc1","v3.2.1rc2","v3.2.2","v3.2.2rc1","v3.2.3","v3.2.3rc1","v3.2.3rc2","v3.2.4","v3.2.4rc1","v3.2.5","v3.2.6","v3.2.6rc1","v3.2a1","v3.2a2","v3.2a3","v3.2a4","v3.2b1","v3.2b2","v3.2rc1","v3.2rc2","v3.2rc3","v3.3.0","v3.3.0a1","v3.3.0a2","v3.3.0a3","v3.3.0a4","v3.3.0b1","v3.3.0b2","v3.3.0rc1","v3.3.0rc2","v3.3.0rc3","v3.3.1","v3.3.1rc1","v3.3.2","v3.3.3","v3.3.3rc1","v3.3.3rc2","v3.3.4","v3.3.4rc1","v3.3.5","v3.3.5rc1","v3.3.5rc2","v3.3.6","v3.3.6rc1","v3.4.0","v3.4.0a1","v3.4.0a2","v3.4.0a3","v3.4.0a4","v3.4.0b1","v3.4.0b2","v3.4.0b3","v3.4.0rc1","v3.4.0rc2","v3.4.0rc3","v3.4.1","v3.4.1rc1","v3.4.2","v3.4.2rc1","v3.4.3","v3.4.3rc1","v3.4.4","v3.4.4rc1","v3.4.5","v3.4.5rc1","v3.4.6","v3.4.6rc1","v3.5.0","v3.5.0a1","v3.5.0a2","v3.5.0a3","v3.5.0a4","v3.5.0b1","v3.5.0b2","v3.5.0b3","v3.5.0b4","v3.5.0rc1","v3.5.0rc2","v3.5.0rc3","v3.5.0rc4","v3.5.1","v3.5.1rc1","v3.5.2","v3.5.2rc1","v3.5.3","v3.5.3rc1","v3.6.0","v3.6.0a1","v3.6.0a2","v3.6.0a3","v3.6.0a4","v3.6.0b1","v3.6.0b2","v3.6.0b3","v3.6.0b4","v3.6.0rc1","v3.6.0rc2","v3.7.0a1","v3.7.0a2","v3.7.0a3","v3.7.0a4"],"database_specific":{"source":"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2018-5.json","vanir_signatures":[{"id":"PSF-2018-5-0529eb9c","signature_type":"Line","de
precated":false,"target":{"file":"Include/pyexpat.h"},"source":"https://github.com/python/cpython/commit/41b48e71ac8a71f56694b548f118bd20ce203410","digest":{"threshold":0.9,"line_hashes":["271540747257123819950784045914636440332","274956068542932472627031870402044982266","241220344856590920200779090285422726002"]},"signature_version":"v1"},{"id":"PSF-2018-5-0a6caff9","signature_type":"Line","deprecated":false,"target":{"file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/f7666e828cc3d5873136473ea36ba2013d624fa1","digest":{"threshold":0.9,"line_hashes":["6228095906780757826351064762810605344","100366988393519509567428993608225082120","94993360753423526345601587746421293291","155664580772399432230501311881002319858"]},"signature_version":"v1"},{"id":"PSF-2018-5-0d07dc07","signature_type":"Function","deprecated":false,"target":{"function":"MODULE_INITFUNC","file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/470a435f3b42c9be5fdb7f7b04f3df5663ba7305","digest":{"function_hash":"170301019975276653295418311012249254178","length":6322},"signature_version":"v1"},{"id":"PSF-2018-5-0f6d2c01","signature_type":"Function","deprecated":false,"target":{"function":"_elementtree_XMLParser___init___impl","file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/f7666e828cc3d5873136473ea36ba2013d624fa1","digest":{"function_hash":"77919769789236650672816335086106820483","length":2356},"signature_version":"v1"},{"id":"PSF-2018-5-19be0768","signature_type":"Line","deprecated":false,"target":{"file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/d16eaf36795da48b930b80b20d3805bc27820712","digest":{"threshold":0.9,"line_hashes":["6228095906780757826351064762810605344","100366988393519509567428993608225082120","94993360753423526345601587746421293291","155664580772399432230501311881002319858"]},"signature_version":"v1"},{"id":"PSF-2018-5-25e8006e","signature_type":"Function","deprecated":fals
e,"target":{"function":"MODULE_INITFUNC","file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/d16eaf36795da48b930b80b20d3805bc27820712","digest":{"function_hash":"156437927899198139891767931874678351382","length":6324},"signature_version":"v1"},{"id":"PSF-2018-5-27e69a3c","signature_type":"Line","deprecated":false,"target":{"file":"Include/pyexpat.h"},"source":"https://github.com/python/cpython/commit/f7666e828cc3d5873136473ea36ba2013d624fa1","digest":{"threshold":0.9,"line_hashes":["271540747257123819950784045914636440332","274956068542932472627031870402044982266","241220344856590920200779090285422726002"]},"signature_version":"v1"},{"id":"PSF-2018-5-29e1ec4e","signature_type":"Line","deprecated":false,"target":{"file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/470a435f3b42c9be5fdb7f7b04f3df5663ba7305","digest":{"threshold":0.9,"line_hashes":["6228095906780757826351064762810605344","100366988393519509567428993608225082120","94993360753423526345601587746421293291","155664580772399432230501311881002319858"]},"signature_version":"v1"},{"id":"PSF-2018-5-2bb84926","signature_type":"Function","deprecated":false,"target":{"function":"MODULE_INITFUNC","file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/f7666e828cc3d5873136473ea36ba2013d624fa1","digest":{"function_hash":"247602523058371535559249810982925242502","length":6435},"signature_version":"v1"},{"id":"PSF-2018-5-66b92b36","signature_type":"Function","deprecated":false,"target":{"function":"MODULE_INITFUNC","file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/cb5778f00ce48631c7140f33ba242496aaf7102b","digest":{"function_hash":"170301019975276653295418311012249254178","length":6322},"signature_version":"v1"},{"id":"PSF-2018-5-710900e9","signature_type":"Line","deprecated":false,"target":{"file":"Include/pyexpat.h"},"source":"https://github.com/python/cpython/commit/d16eaf36795da48b930b80b20d3805bc27820712","diges
t":{"threshold":0.9,"line_hashes":["271540747257123819950784045914636440332","274956068542932472627031870402044982266","241220344856590920200779090285422726002"]},"signature_version":"v1"},{"id":"PSF-2018-5-77ef1c4b","signature_type":"Function","deprecated":false,"target":{"function":"xmlparser","file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2","digest":{"function_hash":"103208225359169933251817944875691630843","length":3035},"signature_version":"v1"},{"id":"PSF-2018-5-7a74508e","signature_type":"Line","deprecated":false,"target":{"file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/470a435f3b42c9be5fdb7f7b04f3df5663ba7305","digest":{"threshold":0.9,"line_hashes":["137404600755823102235542949392430954789","147324151575510193340912147128594971371","65381952966542290425245486449272617698","82283063845321088878941803511437575713"]},"signature_version":"v1"},{"id":"PSF-2018-5-80b43183","signature_type":"Line","deprecated":false,"target":{"file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/41b48e71ac8a71f56694b548f118bd20ce203410","digest":{"threshold":0.9,"line_hashes":["137404600755823102235542949392430954789","147324151575510193340912147128594971371","65381952966542290425245486449272617698","82283063845321088878941803511437575713"]},"signature_version":"v1"},{"id":"PSF-2018-5-886d018f","signature_type":"Line","deprecated":false,"target":{"file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/f7666e828cc3d5873136473ea36ba2013d624fa1","digest":{"threshold":0.9,"line_hashes":["137404600755823102235542949392430954789","147324151575510193340912147128594971371","65381952966542290425245486449272617698","82283063845321088878941803511437575713"]},"signature_version":"v1"},{"id":"PSF-2018-5-8de55b10","signature_type":"Line","deprecated":false,"target":{"file":"Include/pyexpat.h"},"source":"https://github.com/pyth
on/cpython/commit/cb5778f00ce48631c7140f33ba242496aaf7102b","digest":{"threshold":0.9,"line_hashes":["271540747257123819950784045914636440332","274956068542932472627031870402044982266","241220344856590920200779090285422726002"]},"signature_version":"v1"},{"id":"PSF-2018-5-9a21ac32","signature_type":"Function","deprecated":false,"target":{"function":"_elementtree_XMLParser___init___impl","file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/470a435f3b42c9be5fdb7f7b04f3df5663ba7305","digest":{"function_hash":"330561625271487661040493798667346664712","length":2502},"signature_version":"v1"},{"id":"PSF-2018-5-9a6e8841","signature_type":"Function","deprecated":false,"target":{"function":"MODULE_INITFUNC","file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2","digest":{"function_hash":"256297435839592144373970081322213609369","length":5610},"signature_version":"v1"},{"id":"PSF-2018-5-9ca7aa05","signature_type":"Line","deprecated":false,"target":{"file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/cb5778f00ce48631c7140f33ba242496aaf7102b","digest":{"threshold":0.9,"line_hashes":["6228095906780757826351064762810605344","100366988393519509567428993608225082120","94993360753423526345601587746421293291","155664580772399432230501311881002319858"]},"signature_version":"v1"},{"id":"PSF-2018-5-ad9416e4","signature_type":"Function","deprecated":false,"target":{"function":"MODULE_INITFUNC","file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/41b48e71ac8a71f56694b548f118bd20ce203410","digest":{"function_hash":"221430185522947828892498173415921569878","length":6300},"signature_version":"v1"},{"id":"PSF-2018-5-b34af8bb","signature_type":"Line","deprecated":false,"target":{"file":"Include/pyexpat.h"},"source":"https://github.com/python/cpython/commit/470a435f3b42c9be5fdb7f7b04f3df5663ba7305","digest":{"threshold":0.9,"line_hashes":["2715407
47257123819950784045914636440332","274956068542932472627031870402044982266","241220344856590920200779090285422726002"]},"signature_version":"v1"},{"id":"PSF-2018-5-b5c9c6d5","signature_type":"Line","deprecated":false,"target":{"file":"Include/pyexpat.h"},"source":"https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2","digest":{"threshold":0.9,"line_hashes":["271540747257123819950784045914636440332","208503526795678277142017581471077553457","279037739981496640215727616058320715555"]},"signature_version":"v1"},{"id":"PSF-2018-5-bccdc173","signature_type":"Line","deprecated":false,"target":{"file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2","digest":{"threshold":0.9,"line_hashes":["66612102649879585673159295088194671690","23703077674946035329797417291785802620","287040972545085445722564029611492265353","310308320207266540206936231475082897389"]},"signature_version":"v1"},{"id":"PSF-2018-5-c5fb11a7","signature_type":"Function","deprecated":false,"target":{"function":"_elementtree_XMLParser___init___impl","file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/cb5778f00ce48631c7140f33ba242496aaf7102b","digest":{"function_hash":"188278664522209370658731706927765756967","length":2340},"signature_version":"v1"},{"id":"PSF-2018-5-c7168870","signature_type":"Function","deprecated":false,"target":{"function":"xmlparser_init","file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/d16eaf36795da48b930b80b20d3805bc27820712","digest":{"function_hash":"137023430693704268447172529994237738799","length":2107},"signature_version":"v1"},{"id":"PSF-2018-5-cc4316fe","signature_type":"Line","deprecated":false,"target":{"file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/41b48e71ac8a71f56694b548f118bd20ce203410","digest":{"threshold":0.9,"line_hashes":["6228095906780757826351064762810605344","1003669883935
19509567428993608225082120","94993360753423526345601587746421293291","155664580772399432230501311881002319858"]},"signature_version":"v1"},{"id":"PSF-2018-5-d1fd4f05","signature_type":"Function","deprecated":false,"target":{"function":"_elementtree_XMLParser___init___impl","file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/41b48e71ac8a71f56694b548f118bd20ce203410","digest":{"function_hash":"73256073183104945484903393150043818016","length":1960},"signature_version":"v1"},{"id":"PSF-2018-5-d4b53bfc","signature_type":"Line","deprecated":false,"target":{"file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/cb5778f00ce48631c7140f33ba242496aaf7102b","digest":{"threshold":0.9,"line_hashes":["137404600755823102235542949392430954789","147324151575510193340912147128594971371","65381952966542290425245486449272617698","82283063845321088878941803511437575713"]},"signature_version":"v1"},{"id":"PSF-2018-5-dca03d09","signature_type":"Line","deprecated":false,"target":{"file":"Modules/_elementtree.c"},"source":"https://github.com/python/cpython/commit/d16eaf36795da48b930b80b20d3805bc27820712","digest":{"threshold":0.9,"line_hashes":["22646810726213931200945512541683911641","147324151575510193340912147128594971371","65381952966542290425245486449272617698","82283063845321088878941803511437575713"]},"signature_version":"v1"},{"id":"PSF-2018-5-dcc14ec8","signature_type":"Line","deprecated":false,"target":{"file":"Modules/pyexpat.c"},"source":"https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2","digest":{"threshold":0.9,"line_hashes":["177082604365335292599450736752896658900","328985004163816335496507511230260655254","337190183865250067061467410223283073997","226212766570678921015701812624341608457"]},"signature_version":"v1"}]}}],"schema_version":"1.7.3"}