Search criteria
3 vulnerabilities found for pyopenssl by pyopenssl
FKIE_CVE-2018-1000807
Vulnerability from fkie_nvd - Published: 2018-10-08 15:29 - Updated: 2024-11-21 03:40
Severity ?
Summary
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pyopenssl | pyopenssl | * | |
| canonical | ubuntu_linux | 16.04 | |
| redhat | openstack | 13 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pyopenssl:pyopenssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E78903F5-EF36-424C-BE99-AE9B1135879A",
"versionEndExcluding": "17.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0."
},
{
"lang": "es",
"value": "Python Cryptographic Authority pyopenssl en versiones anteriores a la 17.5.0 contiene una vulnerabilidad CWE-416: Uso de memoria previamente liberada en el manejo de objetos X509 que puede resultar en un uso de memoria previamente liberada y una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n remota de c\u00f3digo. El ataque parece ser explotable dependiendo de la aplicaci\u00f3n llamante y de si retiene una referencia a la memoria. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 17.5.0."
}
],
"id": "CVE-2018-1000807",
"lastModified": "2024-11-21T03:40:23.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-08T15:29:00.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0085"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pyca/pyopenssl/pull/723"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3813-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/pyca/pyopenssl/pull/723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3813-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-1000807 (GCVE-0-2018-1000807)
Vulnerability from cvelistv5 – Published: 2018-10-08 00:00 – Updated: 2024-08-05 12:47
VLAI?
Summary
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:56.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyca/pyopenssl/pull/723"
},
{
"name": "RHSA-2019:0085",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0085"
},
{
"name": "USN-3813-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3813-1/"
},
{
"name": "openSUSE-SU-2019:1104",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-10-05T00:00:00",
"datePublic": "2017-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T22:10:00.975790",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pyca/pyopenssl/pull/723"
},
{
"name": "RHSA-2019:0085",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0085"
},
{
"name": "USN-3813-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3813-1/"
},
{
"name": "openSUSE-SU-2019:1104",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"
},
{
"url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000807",
"datePublished": "2018-10-08T00:00:00",
"dateReserved": "2018-09-20T00:00:00",
"dateUpdated": "2024-08-05T12:47:56.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000807 (GCVE-0-2018-1000807)
Vulnerability from nvd – Published: 2018-10-08 00:00 – Updated: 2024-08-05 12:47
VLAI?
Summary
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:56.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyca/pyopenssl/pull/723"
},
{
"name": "RHSA-2019:0085",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0085"
},
{
"name": "USN-3813-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3813-1/"
},
{
"name": "openSUSE-SU-2019:1104",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-10-05T00:00:00",
"datePublic": "2017-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T22:10:00.975790",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pyca/pyopenssl/pull/723"
},
{
"name": "RHSA-2019:0085",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0085"
},
{
"name": "USN-3813-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3813-1/"
},
{
"name": "openSUSE-SU-2019:1104",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"
},
{
"url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000807",
"datePublished": "2018-10-08T00:00:00",
"dateReserved": "2018-09-20T00:00:00",
"dateUpdated": "2024-08-05T12:47:56.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}