{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2018-1000807", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateReserved": "2018-09-20T00:00:00", "dateUpdated": "2024-08-05T12:47:56.674Z", "datePublished": "2018-10-08T00:00:00"}, "containers": {"cna": {"dateAssigned": "2018-10-05T00:00:00", "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-11-17T22:10:00.975790"}, "descriptions": [{"lang": "en", "value": "Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/pyca/pyopenssl/pull/723"}, {"name": "RHSA-2019:0085", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0085"}, {"name": "USN-3813-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/3813-1/"}, {"name": "openSUSE-SU-2019:1104", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"}, {"url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2017-11-29T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:47:56.674Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/pyca/pyopenssl/pull/723", "tags": ["x_transferred"]}, {"name": "RHSA-2019:0085", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0085"}, {"name": "USN-3813-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/3813-1/"}, {"name": "openSUSE-SU-2019:1104", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"}, {"url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pyopenssl:pyopenssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "E78903F5-EF36-424C-BE99-AE9B1135879A", "versionEndExcluding": "17.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0."}, {"lang": "es", "value": "Python Cryptographic Authority pyopenssl en versiones anteriores a la 17.5.0 contiene una vulnerabilidad CWE-416: Uso de memoria previamente liberada en el manejo de objetos X509 que puede resultar en un uso de memoria previamente liberada y una denegaci\u00f3n de servicio (DoS) o la ejecuci\u00f3n remota de c\u00f3digo. El ataque parece ser explotable dependiendo de la aplicaci\u00f3n llamante y de si retiene una referencia a la memoria. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 17.5.0."}], "id": "CVE-2018-1000807", "lastModified": "2024-11-21T03:40:23.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-08T15:29:00.837", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0085"}, {"source": "cve@mitre.org", "url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/pyca/pyopenssl/pull/723"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3813-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/pyca/pyopenssl/pull/723"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3813-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:0085", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "pyOpenSSL-0:17.5.0-1.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2019-01-16T00:00:00Z"}], "bugzilla": {"description": "pyOpenSSL: Use-after-free in X509 object handling", "id": "1640217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640217"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0."], "name": "CVE-2018-1000807", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "pyOpenSSL", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "pyOpenSSL", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "pyOpenSSL", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pyOpenSSL", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "pyOpenSSL", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Will not fix", "package_name": "pyOpenSSL", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}, {"cpe": "cpe:/a:redhat:openstack:14", "fix_state": "Not affected", "package_name": "pyOpenSSL", "product_name": "Red Hat OpenStack Platform 14 (Rocky)"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "pyOpenSSL", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Will not fix", "package_name": "pyOpenSSL", "product_name": "Red Hat Virtualization 4"}], "public_date": "2017-11-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1000807\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000807"], "statement": "This vulnerability is only present when a specific and uncommon usage pattern of pyOpenSSL occurs. Red Hat Product Security has audited our packages that use pyOpenSSL, and determined that software we distribute in Red Hat Enterprise Linux and Red Hat Virtualization does not use pyOpenSSL in such a way as to be vulnerable. Future updates may address this issue.", "threat_severity": "Moderate"}