1. CVE-Search
  2. CVE-2018-1000807
ID CVE-2018-1000807
Summary Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.
References
Vulnerable Configurations
  • cpe:2.3:a:pyopenssl:pyopenssl:0.14:*:*:*:*:*:*:*
    cpe:2.3:a:pyopenssl:pyopenssl:0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:pyopenssl:pyopenssl:0.15:*:*:*:*:*:*:*
    cpe:2.3:a:pyopenssl:pyopenssl:0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:pyopenssl:pyopenssl:0.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:pyopenssl:pyopenssl:0.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pyopenssl:pyopenssl:16.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:pyopenssl:pyopenssl:16.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pyopenssl:pyopenssl:16.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:pyopenssl:pyopenssl:16.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pyopenssl:pyopenssl:16.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:pyopenssl:pyopenssl:16.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pyopenssl:pyopenssl:17.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:pyopenssl:pyopenssl:17.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pyopenssl:pyopenssl:17.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:pyopenssl:pyopenssl:17.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pyopenssl:pyopenssl:17.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:pyopenssl:pyopenssl:17.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pyopenssl:pyopenssl:17.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:pyopenssl:pyopenssl:17.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pyopenssl:pyopenssl:17.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:pyopenssl:pyopenssl:17.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 04-08-2021 - 17:14)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2019:0085
rpms python2-pyOpenSSL-0:17.5.0-1.el7ost
refmap via4
confirm https://github.com/pyca/pyopenssl/pull/723
suse openSUSE-SU-2019:1104
ubuntu USN-3813-1
Last major update 04-08-2021 - 17:14
Published 08-10-2018 - 15:29
Last modified 04-08-2021 - 17:14
Back to Top