CVE-2018-1000807

HIGH

Python Cryptographic Authority pyopenssl <17.5.0 - Use After Free

Title source: llm

Description

Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.

References (5)

Core 5

Core References

Patch, Third Party Advisory

https://github.com/pyca/pyopenssl/pull/723

Patch

https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509

View Patch ZIP pw:eip

Third Party Advisory vendor-advisory

https://access.redhat.com/errata/RHSA-2019:0085

Third Party Advisory vendor-advisory

https://usn.ubuntu.com/3813-1/

Mailing List, Third Party Advisory vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html

Scores

CVSS v3 8.1

EPSS 0.0288

EPSS Percentile 86.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (7)

canonical/ubuntu_linux 16.04

pyopenssl/pyopenssl < 17.5.0

pypi/pyopenssl 0 - 17.5.0PyPI

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_server 7.0

redhat/enterprise_linux_workstation 7.0

redhat/openstack 13

Published Oct 08, 2018

Tracked Since Feb 18, 2026