CVE-2018-1060: difflib and poplib catastrophic backtracking
Regular expressions in difflib and poplib were vulnerable to catastrophic backtracking, making them potential denial-of-service vectors (ReDoS). They have been refactored.
This resolves CVE-2018-1060 and CVE-2018-1061.
Patch by Jamie Davis.
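A regression check for the difflib half of this fix, added here as an example and not taken from this page or from the CPython patch. It assumes the before and after `IS_LINE_JUNK` patterns given in the comments, and confirms that the refactored regex returns the same verdicts while no longer scaling super-linearly on a long run of blanks. Helper names and sample lines are constructed for illustration.

```python
import re
import time

# Assumption (not quoted on this page): the difflib.IS_LINE_JUNK pattern
# before and after the refactoring tracked in bpo-32981.
OLD_JUNK = re.compile(r"\s*#?\s*$")
NEW_JUNK = re.compile(r"\s*(?:#\s*)?$")

# Constructed sample lines: blank, comment-only, and real content.
SAMPLES = ["", "\n", "   \n", "#\n", "  #  \n", "\t#\t\n", "   #",
           "# comment\n", "x = 1\n", "  ##\n", "#  #\n", " " * 50 + "x"]


def same_verdicts(old, new, lines):
    """True when both patterns classify every line identically."""
    return all((old.match(s) is None) == (new.match(s) is None)
               for s in lines)


def match_seconds(pattern, text, repeat=3):
    """Best-of-N wall time for a single anchored match attempt."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        pattern.match(text)
        best = min(best, time.perf_counter() - start)
    return best


def looks_superlinear(pattern, small=500, large=2000, floor=0.001):
    """Heuristic: cost grows much faster than input length.

    Probes with a non-junk line of n blanks plus one letter, the shape
    that makes the old pattern retry every split of the blanks.
    """
    t_small = match_seconds(pattern, " " * small + "x")
    t_large = match_seconds(pattern, " " * large + "x")
    # Ignore sub-millisecond timings, where timer noise dominates.
    if t_large < floor:
        return False
    return t_large / t_small > 2 * (large / small)


if __name__ == "__main__":
    print("same verdicts:", same_verdicts(OLD_JUNK, NEW_JUNK, SAMPLES))
    print("old superlinear:", looks_superlinear(OLD_JUNK))
    print("new superlinear:", looks_superlinear(NEW_JUNK))
```

The timing check is a heuristic: the thresholds suit a quadratic-versus-linear comparison at these input sizes and should be re-tuned before reuse on other patterns.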
- Disclosure date: 2018-03-02 (Python issue bpo-32981 reported)
- Python 3.4
- Python 3.5
Catastrophic backtracking in poplib (CVE-2018-1060) and difflib (CVE-2018-1061).
- Python issue: bpo-32981
- Creation date: 2018-03-02
- Reporter: James Davis
Timeline using the disclosure date 2018-03-02 as reference: