CVE-2018-1000807

2018-10-0815:29:00

Google

osv.dev

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.094 Low

EPSS

Percentile

94.6%

JSON

Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution… This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory… This vulnerability appears to have been fixed in 17.5.0.

CPENameOperatorVersion
py-openssleq0.13-r0
py-openssleq16.1.0-r0
py-openssleq16.1.0-r1
pyopenssleq17.3.0
py-openssleq0.15.1-r0
pyopenssleq16.1.0
py-openssleq0.14-r0
py-openssleq16.0.0-r2
pyopenssleq0.15.1
pyopenssleq16.0.0

Name	Operator	Version
py-openssl	eq	0.13-r0
py-openssl	eq	16.1.0-r0
py-openssl	eq	16.1.0-r1
pyopenssl	eq	17.3.0
py-openssl	eq	0.15.1-r0
pyopenssl	eq	16.1.0
py-openssl	eq	0.14-r0
py-openssl	eq	16.0.0-r2
pyopenssl	eq	0.15.1
pyopenssl	eq	16.0.0