CVE-2018-20406

EPSS 1.56% · P82 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-20406

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Python 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Python是Python软件基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python 3.7.1之前版本中的Modules/_pickle.c文件存在输入验证错误漏洞。攻击者可利用该漏洞造成拒绝服务（内存耗尽）。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-20406

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-20406

请登录查看更多情报信息。

https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26ddx_refsource_MISC
https://bugs.python.org/issue34656x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190416-0010/x_refsource_CONFIRM
https://usn.ubuntu.com/4127-2/vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4127-1/vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2019:3725vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlvendor-advisoryx_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/vendor-advisoryx_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2019/02/msg00011.htmlmailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.htmlmailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2018-20406

Same Patch Batch · n/a · 2018-12-23 · 40 CVEs total

CVE-2018-20375		Tiny C Compiler 缓冲区错误漏洞
CVE-2018-20395		NETWAVE MNG6200 安全漏洞
CVE-2018-20396		NET&SYS MNG2120J和MNG6300 安全漏洞
CVE-2018-20397		mplus CBC383Z 安全漏洞
CVE-2018-20398		多款Skyworth产品安全漏洞
CVE-2018-20399		Motorola SBG901、SBG941和SVG1202 安全漏洞
CVE-2018-20400		Ubee DVW2108 安全漏洞
CVE-2018-20401		Zoom 5352 安全漏洞
CVE-2018-20402		Safe Software FME Server 安全漏洞
CVE-2018-20374		Tiny C Compiler 缓冲区错误漏洞
CVE-2018-20394		多款Thomson产品安全漏洞
CVE-2018-20376		Tiny C Compiler 缓冲区错误漏洞
CVE-2018-20377		Orange Livebox 安全漏洞
CVE-2018-20331		Antiy AVL ATool 缓冲区错误漏洞
CVE-2018-20368		Wordpress Master Slider Plugin 跨站脚本漏洞
CVE-2018-20369		Barracuda Message Archiver 跨站脚本漏洞
CVE-2018-20370		SZ NetChat Options模块跨站脚本漏洞
CVE-2018-20371		PhotoRange Photo Vault 信息泄露漏洞
CVE-2018-20372		TP-Link TD-W8961ND 跨站脚本漏洞
CVE-2018-20373		Tenda ADSL modem routers 跨站脚本漏洞

Showing top 20 of 40 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-20406

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-20406

I. Basic Information for CVE-2018-20406

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-20406

III. Intelligence Information for CVE-2018-20406

Same Patch Batch · n/a · 2018-12-23 · 40 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-20406

Leave a comment