Multiple vulnerabilities in Python Cryptographic Authority pyopenssl
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-1000808 CVE-2018-1000807 |
| CWE-ID | CWE-400 CWE-416 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
pyopenssl Client/Desktop applications / Other client software |
| Vendor | Python Cryptographic Authority |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU15783
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1000808
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to improper release of memory before removing the last reference in a Public Key Cryptography Standards (PKCS) #12 store. A remote unauthenticated attacker can send a specially crafted request that submits malicious input, exhaust memory resources and to cause the application to reload certificates from a PKCS #12 store.
MitigationUpdate to version 17.5.0.
Vulnerable software versionspyopenssl: 0.1 - 17.4
CPE2.3- cpe:2.3:a:python_cryptographic_authority:pyopenssl:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:python_cryptographic_authority:pyopenssl:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:python_cryptographic_authority:pyopenssl:0.3:*:*:*:*:*:*:*
https://github.com/pyca/pyopenssl/pull/723
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free error
EUVDB-ID: #VU15784
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-1000807
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error during improper handling of X509 objects. A remote unauthenticated attacker can send a specially crafted request that submits malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 17.5.0.
Vulnerable software versionspyopenssl: 0.1 - 17.4
CPE2.3- cpe:2.3:a:python_cryptographic_authority:pyopenssl:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:python_cryptographic_authority:pyopenssl:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:python_cryptographic_authority:pyopenssl:0.3:*:*:*:*:*:*:*
https://github.com/pyca/pyopenssl/pull/723
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
