Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1000808

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0.

Published

2018-10-08T15:29:00.947

Last Modified

2024-11-21T03:40:23.967

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-404
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application pyopenssl_project pyopenssl < 17.5.0 Yes
Operating System canonical ubuntu_linux 16.04 Yes
Application redhat gluster_storage 3.0 Yes
Application redhat openstack 13 Yes
Operating System redhat enterprise_linux_desktop 7.0 Yes
Operating System redhat enterprise_linux_server 7.0 Yes
Operating System redhat enterprise_linux_workstation 7.0 Yes
References