{"id":"CVE-2018-20406","details":"Modules/_pickle.c in Python before 3.7.1 (the fix was also backported to the 3.4, 3.5 and 3.6 maintenance branches; see the fixed-version list below) has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt of the pickler/unpickler memo table. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. Note that the CVSS 3.0 vector recorded for this entry (network, no privileges or interaction, availability impact only, no confidentiality or integrity impact) rates the issue more severely than that practical-impact caveat suggests; weigh both when prioritising. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.","aliases":["PSF-2018-6"],"modified":"2026-04-11T14:54:23.209177Z","published":"2018-12-23T23:29:00.307Z","related":["MGASA-2019-0135","SUSE-SU-2019:0215-1","SUSE-SU-2019:0243-1","SUSE-SU-2019:0243-2","SUSE-SU-2019:14246-1","SUSE-SU-2020:0114-1","openSUSE-SU-2019:0155-1","openSUSE-SU-2020:0086-1","openSUSE-SU-2024:11284-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/"},{"type":"WEB","url":"https://usn.ubuntu.com/4127-2/"},{"type":"WEB","url":"https://lists.f
edoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/"},{"type":"WEB","url":"https://usn.ubuntu.com/4127-1/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190416-0010/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3725"},{"type":"FIX","url":"https://bugs.python.org/issue34656"},{"type":"FIX","url":"https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"3101b7076270756f8be699358c69c5d15ea2cc48"},{"fixed":"260ec2c36abd73bac51489108409160427979ede"},{"fixed":"a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd"}],"database_specific":{"versions":[{"introduced":"3.4.0"},{"fixed":"3.7.1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20406.json","vanir_signatures":[{"source":"https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd","signature_version":"v1","id":"CVE-2018-20406-43acf8ba","deprecated":false,"digest":{"length":513,"function_hash":"238608745191708500243518890315194759530"},"signature_type":"Function","target":{"function":"_PyMemoTable_Lookup","file":"Modules/_pickle.c"}},{"source":"https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd","signature_version":"v1","id":"CVE-2018-20406-58c8b3a8","deprecated":false,"digest":{"length":831,"function_hash":"111640412554254461311466641904097980446"},"signature_type":"Function","target":{"function":"_PyMemoTable_ResizeTable","file":"Modules/_pickle.c"}},{"source":"https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d65
3c2cc6a26dd","signature_version":"v1","id":"CVE-2018-20406-5ec30274","deprecated":false,"digest":{"line_hashes":["45112653846842170630779620679637587886","273037488452269733613207395069486785748","224965702653792674157371353113599434800","104401350326782105379769632223118570208","66504625842563385702756284520051293437","4602678533789852696125538933186698784","137376098168446195913459541070039218217","30939058124349560888808051341081403806","274539625790580840346168145827920269054","179843850621542244562997065392094389860","7644611819643576506586264753395943626","72869903976937547343909203109531245628","195978184196671380301728257317454736699","238752790506200575709013979245726542209","25684359709618849353740122931223139129","278114224295875950187280680802283623368","237589773102019524306213684432989326532","81135490610867175137261429594676324296","187525043472758536240528251879508358420","216537493073827424916162786080751940684","131297887098748526913320656702982953343","256350609582575408704650046129382137842","78326038845035328898902427983988997657","61628742465481133189665724109262813","76114444486028263931920767387314368601","286395232907004384236393627279687206884","227062956098928797808371989601746288441","305195406001695936624023021860929810535","285436704585169754750698200127322553701","73200530167730095902556670581505469957","85120774123604562050038905867932717166","210580063844766522230001146869716830006","270711989534179837364545719863516146696","64217523537175475050147444161960922272","8912504727257359296599974832210331605","132348053511262350257502095222369539491","246412513905515520965602410506756779269","328518318056804636137914438700454394894","7357765417378986641606555121360217120","8361665750886393300897403971770005975","336209721957201535761118627436924720975","153870245540172031980948738299030660579","222415159268850366910923683553773841215","266525620854275538342986228295954960488","34344653579773234301892791775160573883","1486012394441891058255
84428579208583241","323937053803704628148148828329823871696","331853717569247205762098804757939977917","92327192160916523033656038184192863936","152634549575113162128207202374843326293","25063250672628326524147828845708453938","75704350826528866953053664064237791742","111786560371568269499302732478247380500","288241876009435883951921462787255735318","43284716825940792507260726856423577278","212885992568616841351931453615134176851","66531881155519416819194019651364315023","25316985882339621411431346677498986162","77291948899759453066807959102979195387","309605434265057665625974542040975271259","150222539549127684757171550669041666917","315949007162084841855352491046847401153","67752818544059669832748845629181482565","184704638036197717247283676327579711742","79951654591321526926747893080987104506","308632724783299990453617880739300280846","713109141583764091829610745785383862","66157617398859655719525749194090750399","267734643589000317757186247729907596538","12198415447487929970844166185598269799","45097695215432436287253278808246646788","279812335478235656674742849663718050313","37473986019427945156857121435622617376","93937955930936600967608096230358187852","177207411379625726474134939333562721594","241887371626331580148347055713345474386","299000238417484911095871060701985095213","197695928640060954092501805930040405403","300744421248276122164560127227397878554","1975719104774363661335470534150644794","272801642918627501831707989507692251590","274913328579366429055928998676265916779","159012324300316576475717061898535702580","13918599761487380707629812567812402372","86698513129069432251458717826321553101","203377406233086393120990306515793095846","57757643489201298031491448970755453602","20805926715546922562851592233286487458","107494229581096882278384305149429322984","193295174773467497837742693094499676094"],"threshold":0.9},"signature_type":"Line","target":{"file":"Modules/_pickle.c"}},{"source":"https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5e
e71d653c2cc6a26dd","signature_version":"v1","id":"CVE-2018-20406-be04d126","deprecated":false,"digest":{"length":664,"function_hash":"118362948290395666455407603544615018276"},"signature_type":"Function","target":{"function":"_pickle_PicklerMemoProxy_copy_impl","file":"Modules/_pickle.c"}},{"source":"https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd","signature_version":"v1","id":"CVE-2018-20406-c51fff71","deprecated":false,"digest":{"length":477,"function_hash":"165536987674447085386907687403639821566"},"signature_type":"Function","target":{"function":"PyMemoTable_Set","file":"Modules/_pickle.c"}},{"source":"https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd","signature_version":"v1","id":"CVE-2018-20406-de4cfe81","deprecated":false,"digest":{"length":154,"function_hash":"189641432010352368724022831897744054805"},"signature_type":"Function","target":{"function":"_Unpickler_MemoGet","file":"Modules/_pickle.c"}},{"source":"https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd","signature_version":"v1","id":"CVE-2018-20406-e593325b","deprecated":false,"digest":{"length":644,"function_hash":"133714812579917916024773386692265243064"},"signature_type":"Function","target":{"function":"PyMemoTable_Copy","file":"Modules/_pickle.c"}},{"source":"https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd","signature_version":"v1","id":"CVE-2018-20406-fe66b6bd","deprecated":false,"digest":{"length":1457,"function_hash":"66296116601692746305984653236388533087"},"signature_type":"Function","target":{"function":"Unpickler_set_memo","file":"Modules/_pickle.c"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"28"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]}],"vanir_signatures_modified":"2026-04-11T14:54:23Z"}}],"schema_version"
:"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}