Bug 1549779 (CVE-2018-7537) - CVE-2018-7537 django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html'
Summary: CVE-2018-7537 django: Catastrophic backtracking in regular expressions via 't...
Status: CLOSED ERRATA
Alias: CVE-2018-7537
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20180306,repor...
Keywords: Security
Depends On: 1557457 1557459 1549907 1549908 1552177 1552178 1552179 1552306 1554696 1557458
Blocks: 1549781
TreeView+ depends on / blocked
 
Reported: 2018-02-27 20:07 UTC by Pedro Sampaio
Modified: 2019-06-08 03:41 UTC (History)
35 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2019-06-08 03:41:46 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2927 None None None 2018-10-16 15:21 UTC
Red Hat Product Errata RHSA-2019:0265 None None None 2019-02-04 07:43 UTC

Description Pedro Sampaio 2018-02-27 20:07:42 UTC
CVE-2018-7537: Denial-of-service possibility in ``truncatechars_html``
and ``truncatewords_html`` template filters
============================================================================

If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods
were passed the ``html=True`` argument, they were extremely slow to evaluate
certain inputs due to a catastrophic backtracking vulnerability in a regular
expression. The ``chars()`` and ``words()`` methods are used to
implement the ``truncatechars_html`` and ``truncatewords_html`` template
filters, which were thus vulnerable.

The backtracking problem in the regular expression is fixed.

Comment 5 Adam Mariš 2018-03-06 16:14:24 UTC
Acknowledgments:

Name: the Django project

Comment 6 Adam Mariš 2018-03-06 16:14:42 UTC
External References:

https://www.djangoproject.com/weblog/2018/mar/06/security-releases/

Comment 7 Adam Mariš 2018-03-06 16:17:25 UTC
Created python-django tracking bugs for this issue:

Affects: fedora-all [bug 1552178]
Affects: epel-7 [bug 1552179]


Created python-django16 tracking bugs for this issue:

Affects: epel-7 [bug 1552177]

Comment 11 Andrej Nemec 2018-05-14 15:22:33 UTC
Statement:

This issue affects the versions of django as shipped with Red Hat Subscription Asset Manager. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 12 errata-xmlrpc 2018-10-16 15:20:58 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.4 for RHEL 7

Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927

Comment 13 errata-xmlrpc 2019-02-04 07:43:40 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 7

Via RHSA-2019:0265 https://access.redhat.com/errata/RHSA-2019:0265


Note You need to log in before you can comment on or make changes to this bug.