Product Research Enterprise Plans Docs

PyPi: Sbp

CVE-2018-18074

Transitive

Safety vulnerability ID: 37937

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 09, 2018 Updated at May 08, 2024

Scan your Python projects for vulnerabilities →

Advisory

Sbp 2.7.0 updates requests to resolve security issue (https://github.com/swift-nav/libsbp/pull/708).

Affected package

sbp

Latest version: 6.0.0

Python bindings for Swift Binary Protocol

Affected versions

Fixed versions

Vulnerability changelog

- Allow max reconnects to be specified as a parameter \[ESD-1603\] \[TTI-2\] [\756](https://github.com/swift-nav/libsbp/pull/756)
- Miscellaneous clean up of Rust bindings [\754](https://github.com/swift-nav/libsbp/pull/754)
- Get rust example building [\753](https://github.com/swift-nav/libsbp/pull/753)
- Cannot compare int and NoneType in python3 [\752](https://github.com/swift-nav/libsbp/pull/752)
- Added check for a couple of needed commands to build rust. [\750](https://github.com/swift-nav/libsbp/pull/750)
- Added typescript module declaration file [\749](https://github.com/swift-nav/libsbp/pull/749)
- Changed C++ wrapper to not require non-const access to the buffer when sending [\748](https://github.com/swift-nav/libsbp/pull/748)
- Added optional serialize feature to rust crate [\747](https://github.com/swift-nav/libsbp/pull/747)
- Update check [\746](https://github.com/swift-nav/libsbp/pull/746)
- Add unit tests for Rust [\745](https://github.com/swift-nav/libsbp/pull/745)
- Fix compiler warnings found in libsettings build [\743](https://github.com/swift-nav/libsbp/pull/743)
- Import libcheck as submodule [\742](https://github.com/swift-nav/libsbp/pull/742)
- Remove extra \\ from non-printable escaping [\741](https://github.com/swift-nav/libsbp/pull/741)
- Use common test targets module [\740](https://github.com/swift-nav/libsbp/pull/740)
- Add C++ support [\739](https://github.com/swift-nav/libsbp/pull/739)
- Fix Rust generation to generate in the same order [\738](https://github.com/swift-nav/libsbp/pull/738)
- \[STAR-789\] Add proposed Protection Level message [\737](https://github.com/swift-nav/libsbp/pull/737)
- Star 833 [\736](https://github.com/swift-nav/libsbp/pull/736)
- Generate JSON schema definitions for web clients [\735](https://github.com/swift-nav/libsbp/pull/735)
- Update libsbp ARM builders [\733](https://github.com/swift-nav/libsbp/pull/733)
- Modify to work with Rust's bindgen [\706](https://github.com/swift-nav/libsbp/pull/706)

[v2.7.1](https://github.com/swift-nav/libsbp/tree/v2.7.1) (2019-09-20)
[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.7.0...v2.7.1)

**Merged pull requests:**

- Version 2.7.1 [\732](https://github.com/swift-nav/libsbp/pull/732)
- Remove explicit Python 2 build in dist/deploy sciprt [\731](https://github.com/swift-nav/libsbp/pull/731)

[v2.7.0](https://github.com/swift-nav/libsbp/tree/v2.7.0) (2019-09-19)
[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.6.5...v2.7.0)

**Merged pull requests:**

- libsbp version 2.7.0 [\730](https://github.com/swift-nav/libsbp/pull/730)
- Replace ujson with rapidjson \[STA-1009\] [\729](https://github.com/swift-nav/libsbp/pull/729)
- Make a msg\_buff pointer for backwards compatibility [\728](https://github.com/swift-nav/libsbp/pull/728)
- Remove OWNERS.md file. [\726](https://github.com/swift-nav/libsbp/pull/726)
- Frame callback implementation & tests [\725](https://github.com/swift-nav/libsbp/pull/725)
- JSONLogIterator - Fix the iteration if the JSON is already unwrapped [\724](https://github.com/swift-nav/libsbp/pull/724)
- Dynamic import generator output modules [\722](https://github.com/swift-nav/libsbp/pull/722)
- Changing java CRC16 class modifiers to enable external access \(\720\) [\721](https://github.com/swift-nav/libsbp/pull/721)
- ORI-594 Fix up SSR atmospherics documentation [\719](https://github.com/swift-nav/libsbp/pull/719)
- Remove lodash from JavaScript deps [\717](https://github.com/swift-nav/libsbp/pull/717)
- Initial rust implementation [\714](https://github.com/swift-nav/libsbp/pull/714)
- Remove redundant field. [\713](https://github.com/swift-nav/libsbp/pull/713)
- Support running w/o Numba/Numpy installed [\712](https://github.com/swift-nav/libsbp/pull/712)
- Add code coverage \[ESD-1407\] [\710](https://github.com/swift-nav/libsbp/pull/710)
- Update requests to resolve security issue [\708](https://github.com/swift-nav/libsbp/pull/708)

[v2.6.5](https://github.com/swift-nav/libsbp/tree/v2.6.5) (2019-07-03)
[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.6.4...v2.6.5)

**Merged pull requests:**

- libsbp v2.6.5 [\711](https://github.com/swift-nav/libsbp/pull/711)
- Pin minor rev versions, security fix for requests [\709](https://github.com/swift-nav/libsbp/pull/709)

[v2.6.4](https://github.com/swift-nav/libsbp/tree/v2.6.4) (2019-06-27)
[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.6.3...v2.6.4)

**Closed issues:**

- cmake error while installing libsbp - include could not find load file [\705](https://github.com/swift-nav/libsbp/issues/705)

**Merged pull requests:**

- Update README.md [\707](https://github.com/swift-nav/libsbp/pull/707)
- SSR STEC and gridded correction message refinements [\704](https://github.com/swift-nav/libsbp/pull/704)
- Change ssr\_update\_interval to u8. [\703](https://github.com/swift-nav/libsbp/pull/703)
- Purge llvmlite and numba dependencies from generated Python code \[ESD-1396\] [\702](https://github.com/swift-nav/libsbp/pull/702)
- Don't use hardcoded include/link paths [\701](https://github.com/swift-nav/libsbp/pull/701)

[v2.6.3](https://github.com/swift-nav/libsbp/tree/v2.6.3) (2019-06-11)
[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.6.2...v2.6.3)

**Merged pull requests:**

- Version 2.6.3 [\700](https://github.com/swift-nav/libsbp/pull/700)
- Move sbp2json to libsbp from piksi\_tools \[ESD-1374\] [\699](https://github.com/swift-nav/libsbp/pull/699)
- Deprecate MSG\_INIT\_BASE \[ESD-1286\] [\698](https://github.com/swift-nav/libsbp/pull/698)

[v2.6.2](https://github.com/swift-nav/libsbp/tree/v2.6.2) (2019-06-06)
[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.6.1...v2.6.2)

**Merged pull requests:**

- v2.6.2 [\697](https://github.com/swift-nav/libsbp/pull/697)

[v2.6.1](https://github.com/swift-nav/libsbp/tree/v2.6.1) (2019-06-06)
[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.6.0...v2.6.1)

**Merged pull requests:**

- Version 2.6.1 [\696](https://github.com/swift-nav/libsbp/pull/696)
- Add QZSS eph [\695](https://github.com/swift-nav/libsbp/pull/695)
- Import standard cmake modules, standardise dependency resolution \[ESD-1246\] \[ESD-1247\] [\692](https://github.com/swift-nav/libsbp/pull/692)

[v2.6.0](https://github.com/swift-nav/libsbp/tree/v2.6.0) (2019-06-05)
[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.5.5...v2.6.0)

**Merged pull requests:**

- libsbp release 2.6.0 [\694](https://github.com/swift-nav/libsbp/pull/694)
- Remove unused build\_test\_data.py \[ESD-1086\] [\693](https://github.com/swift-nav/libsbp/pull/693)
- Integrate numba into setuptools \[ESD-1156\] [\687](https://github.com/swift-nav/libsbp/pull/687)
- Added three new messages for gridded atmospheric SSR corrections. [\686](https://github.com/swift-nav/libsbp/pull/686)

[v2.5.5](https://github.com/swift-nav/libsbp/tree/v2.5.5) (2019-05-16)
[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.5.3-4-g7e6afa39...v2.5.5)

**Closed issues:**

- MSG\_INIT\_BASE / Hotstart with known Position [\681](https://github.com/swift-nav/libsbp/issues/681)

**Merged pull requests:**

- Release version 2.5.5 [\690](https://github.com/swift-nav/libsbp/pull/690)
- Use piksi\_tools master in benchmark [\689](https://github.com/swift-nav/libsbp/pull/689)
- Add source to gal eph [\688](https://github.com/swift-nav/libsbp/pull/688)
- Added additional checks for tools in the Makefile [\684](https://github.com/swift-nav/libsbp/pull/684)
- \[ESD-1238\] Do not call nullary constructors in Haskell ToJSON [\680](https://github.com/swift-nav/libsbp/pull/680)

[v2.5.3-4-g7e6afa39](https://github.com/swift-nav/libsbp/tree/v2.5.3-4-g7e6afa39) (2019-04-10)
[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.5.4...v2.5.3-4-g7e6afa39)

[v2.5.4](https://github.com/swift-nav/libsbp/tree/v2.5.4) (2019-04-10)
[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.5.3...v2.5.4)

**Merged pull requests:**

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Availability (A): NONE

CVSS v2 Details

MEDIUM 5.0

Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): NONE
Availability Impact (A): NONE