Lucene search

MitreCVE-2018-1000808

HistoryOct 08, 2018 - 3:29 p.m.

CVE-2018-1000808

2018-10-0815:29:00

CWE-404

mitre

web.nvd.nist.gov

506

cve-2018-1000808

python cryptographic authority

pyopenssl

cwe - 401

pkcs #12

denial of service

vulnerability

memory management

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

68.8%

JSON

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store… This vulnerability appears to have been fixed in 17.5.0.

Affected configurations

Nvd

Node

pyopenssl_projectpyopensslRange<17.5.0

Node

canonicalubuntu_linuxMatch16.04lts

Node

redhatgluster_storageMatch3.0

redhatopenstackMatch13

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

VendorProductVersionCPE
pyopenssl_projectpyopenssl*cpe:2.3:a:pyopenssl_project:pyopenssl:*:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
redhatgluster_storage3.0cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*
redhatopenstack13cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server7.0cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_workstation7.0cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pyopenssl_project	pyopenssl	*	cpe:2.3:a:pyopenssl_project:pyopenssl::::::::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
redhat	gluster_storage	3.0	cpe:2.3:a:redhat:gluster_storage:3.0:::::::*
redhat	openstack	13	cpe:2.3:a:redhat:openstack:13:::::::*
redhat	enterprise_linux_desktop	7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
redhat	enterprise_linux_server	7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
redhat	enterprise_linux_workstation	7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*