CVE-2018-1000807
pyOpenSSL: Use-after-free in X509 object handling
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.
Python Cryptographic Authority pyopenssl en versiones anteriores a la 17.5.0 contiene una vulnerabilidad CWE-416: Uso de memoria previamente liberada en el manejo de objetos X509 que puede resultar en un uso de memoria previamente liberada y una denegación de servicio (DoS) o la ejecución remota de código. El ataque parece ser explotable dependiendo de la aplicación llamante y de si retiene una referencia a la memoria. La vulnerabilidad parece haber sido solucionada en la versión 17.5.0.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-09-20 CVE Reserved
- 2018-10-08 CVE Published
- 2024-08-05 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (7)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/pyca/pyopenssl/pull/723 | 2023-11-17 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html | 2023-11-17 | |
https://access.redhat.com/errata/RHSA-2019:0085 | 2023-11-17 | |
https://usn.ubuntu.com/3813-1 | 2023-11-17 | |
https://access.redhat.com/security/cve/CVE-2018-1000807 | 2019-01-16 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1640217 | 2019-01-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Pyopenssl Search vendor "Pyopenssl" | Pyopenssl Search vendor "Pyopenssl" for product "Pyopenssl" | < 17.5.0 Search vendor "Pyopenssl" for product "Pyopenssl" and version " < 17.5.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 13 Search vendor "Redhat" for product "Openstack" and version "13" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
|