CVE-2018-1000656 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-1000656 Interim 1 52 2025-02-17T02:26:56Z current 2021-05-30T14:20:43Z 2025-02-17T02:26:56Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-1000656 The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/update/announcement/2019/suse-su-20190657-1.html E-Mail link for SUSE-SU-2019:0657-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUU23JPF524WRYT6P2BYP5R5F5XP2QR2/#QUU23JPF524WRYT6P2BYP5R5F5XP2QR2 E-Mail link for openSUSE-SU-2019:1112-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Enterprise Storage 7 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Package Hub 15 SUSE Linux Enterprise Module for Package Hub 15 SP4 SUSE Linux Enterprise Module for Package Hub 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 openSUSE Leap 15.0 python-Flask python2-Flask python2-Flask-0.12.4-3.3.26 python2-Flask-0.12.4-lp150.2.3.1 python2-Flask-doc-0.12.4-lp150.2.3.1 python3-Flask python3-Flask-0.12.4-3.3.26 python3-Flask-0.12.4-lp150.2.3.1 python3-Flask-doc-0.12.4-lp150.2.3.1 python3-Flask-0.12.4-3.3.26 as a component of SUSE Linux Enterprise Module for Basesystem 15 python2-Flask-0.12.4-3.3.26 as a component of SUSE Linux Enterprise Module for Package Hub 15 python2-Flask-0.12.4-lp150.2.3.1 as a component of openSUSE Leap 15.0 python2-Flask-doc-0.12.4-lp150.2.3.1 as a component of openSUSE Leap 15.0 python3-Flask-0.12.4-lp150.2.3.1 as a component of openSUSE Leap 15.0 python3-Flask-doc-0.12.4-lp150.2.3.1 as a component of openSUSE Leap 15.0 python-Flask as a component of HPE Helion OpenStack 8 python-Flask as a component of SUSE Enterprise Storage 7 python3-Flask as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python-Flask as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python-Flask as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 python-Flask as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 python2-Flask as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 python-Flask as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 python2-Flask as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 python-Flask as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 python3-Flask as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python-Flask as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-Flask as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python-Flask as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python-Flask as a component of SUSE OpenStack Cloud 8 python-Flask as a component of SUSE OpenStack Cloud Crowbar 8 The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083. CVE-2018-1000656 SUSE Linux Enterprise Module for Basesystem 15:python3-Flask-0.12.4-3.3.26 SUSE Linux Enterprise Module for Package Hub 15:python2-Flask-0.12.4-3.3.26 openSUSE Leap 15.0:python2-Flask-0.12.4-lp150.2.3.1 openSUSE Leap 15.0:python2-Flask-doc-0.12.4-lp150.2.3.1 openSUSE Leap 15.0:python3-Flask-0.12.4-lp150.2.3.1 openSUSE Leap 15.0:python3-Flask-doc-0.12.4-lp150.2.3.1 SUSE Enterprise Storage 7:python-Flask SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python-Flask SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-Flask SUSE Linux Enterprise Module for Basesystem 15 SP4:python-Flask SUSE Linux Enterprise Module for Basesystem 15 SP5:python-Flask SUSE Linux Enterprise Module for Package Hub 15 SP4:python-Flask SUSE Linux Enterprise Module for Package Hub 15 SP4:python2-Flask SUSE Linux Enterprise Module for Package Hub 15 SP5:python-Flask SUSE Linux Enterprise Module for Package Hub 15 SP5:python2-Flask SUSE Linux Enterprise Server 15 SP2-LTSS:python-Flask SUSE Linux Enterprise Server 15 SP2-LTSS:python3-Flask SUSE Linux Enterprise Server for SAP Applications 15 SP2:python-Flask SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-Flask HPE Helion OpenStack 8:python-Flask SUSE OpenStack Cloud 8:python-Flask SUSE OpenStack Cloud Crowbar 8:python-Flask low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L