GHSA-VP96-HXJ8-P424 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

If a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the...

Not Failing Securely ('Failing Open')

Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the settlsextservernamecallback function. An attacker can bypass security-sensitive checks by causing an unhandled exception in the callback, which results in the connection being accepted. If a...

Python Cryptographic Authority: Fail-Open in set_tlsext_servername_callback on pyopenssl via unhandled exceptions leads to security bypass

A vulnerability was discovered in the pyopenssl library's handling of the Server Name Indication SNI callback settlsextservernamecallback. The internal wrapper for this callback catches all Python exceptions raised by user code but returns 0 Success/SSLTLSEXTERROK to the underlying OpenSSL engine...

EUVD-2013-0029

Malware in sbrugna...

EUVD-2018-0123

Malware in sbrugna...

EUVD-2017-0139

Malware in sbrugna...

SUSE SLES12 Security Update : python-pyOpenSSL (SUSE-SU-2024:3749-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3749-1 advisory. - Fixed error caused by a regression in fix for CVE-2018-1000807 bsc1231700 Tenable has extracted the preceding description block directly...

SUSE: Security Advisory (SUSE-SU-2024:3749-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issues: Fixed error caused by a regression in fix for CVE-2018-1000807 bsc1231700 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...

SUSE-SU-2024:3749-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issues: - Fixed error caused by a regression in fix for CVE-2018-1000807 bsc1231700...

RHSA-2019:0085 Red Hat Security Advisory: pyOpenSSL security and bug fix update

Bulletin has no description...

OPENSUSE-SU-2024:14154-1 python310-pyOpenSSL-24.1.0-1.2 on GA media

These are all security issues fixed in the python310-pyOpenSSL-24.1.0-1.2 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:10214-1 python-pyOpenSSL-16.2.0-1.3 on GA media

These are all security issues fixed in the python-pyOpenSSL-16.2.0-1.3 package on the GA media of openSUSE Tumbleweed...

RHEL 7 : pyopenssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pyOpenSSL: Failure to release memory before removing last reference in PKCS 12 Store CVE-2018-1000808 Note that...

RHEL 5 : pyopenssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pyOpenSSL: Failure to release memory before removing last reference in PKCS 12 Store CVE-2018-1000808 Note that...

RHEL 6 : pyopenssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pyOpenSSL: Failure to release memory before removing last reference in PKCS 12 Store CVE-2018-1000808 Note that...

SUSE SLES12 Security Update : python-pyOpenSSL (SUSE-SU-2024:1626-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1626-1 advisory. - Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509...

SUSE: Security Advisory (SUSE-SU-2024:1626-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:1626-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issues: - CVE-2018-1000807: Fixed a use-after-free in X509 object handling bsc1111635 - CVE-2018-1000808: Fixed a use-after-free in PKCS 12 Store bsc1111634...

RHEL 5 : pyopenssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pyOpenSSL: Failure to release memory before removing last reference in PKCS 12 Store CVE-2018-1000808 Note that...