CVE-2018-1000807

Description

Python Cryptographic Authority pyOpenSSL versions prior to 17.5.0 contain a CWE-416: Use After Free vulnerability in X509 object handling that can lead to possible denial of service or remote code execution. Whether this attack is exploitable depends on the calling application and on whether it retains a reference to the memory. This vulnerability appears to have been fixed in 17.5.0.

Risk Information

Base Score: 8.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 3.03

Associated Vulnerability

| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-1000807, CVE-2018-1000808 are fixed in Python-pyopenssl 17.5.0 | Windows |
| Python wrapper around the OpenSSL library (USN-3813-1) python-openssl_0.15.1-2ubuntu0.2_all.deb | Linux |
| Python wrapper around the OpenSSL library (USN-3813-1) python3-openssl_0.15.1-2ubuntu0.2_all.deb | Linux |
| (RHSA-2019:0085) pyOpenSSL security and bug fix update python2-pyOpenSSL-17.5.0-1.el7ost.noarch.rpm | Linux |
| SUSE-SU-2018:4063-1 (SUSE Linux Enterprise Desktop 12-SP3) python-cryptography-1.3.1-7.13.4.x86_64.rpm | Linux |
| SUSE-SU-2018:4063-1 (SUSE Linux Enterprise Desktop 12-SP3) python-cryptography-debuginfo-1.3.1-7.13.4.x86_64.rpm | Linux |
| SUSE-SU-2018:4063-1 (SUSE Linux Enterprise Desktop 12-SP3) python-cryptography-debugsource-1.3.1-7.13.4.x86_64.rpm | Linux |
| SUSE-SU-2018:4063-1 (SUSE Linux Enterprise Desktop 12-SP3) python-pyOpenSSL-16.0.0-4.11.3.noarch.rpm | Linux |
| SUSE-SU-2018:4063-1 (SUSE Linux Enterprise Desktop 12-SP3) python-setuptools-18.0.1-4.8.1.noarch.rpm | Linux |
| SUSE-SU-2018:4063-1 (SUSE Linux Enterprise Desktop 12-SP3) python3-setuptools-18.0.1-4.8.1.noarch.rpm | Linux |
| SUSE-SU-2018:4063-1 (SUSE Linux Enterprise Server 12-SP3) python3-cryptography-1.3.1-7.13.4.x86_64.rpm | Linux |
| SUSE-SU-2018:4063-1 (SUSE Linux Enterprise Server 12-SP3) python3-pyOpenSSL-16.0.0-4.11.3.noarch.rpm | Linux |
| SUSE-SU-2018:4063-1 (SUSE Linux Enterprise Desktop 12-SP4) python3-cryptography-debuginfo-1.3.1-7.13.4.x86_64.rpm | Linux |
| Vulnerabilities CVE-2018-1000807, CVE-2018-1000808 are fixed in Python-pyopenssl for linux 17.5.0 | Linux |

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234