#VU15784 Use-after-free error in pyopenssl - CVE-2018-1000807

Cybersecurity Help s.r.o.

Published: 2018-11-09

Vulnerability identifier: #VU15784

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-1000807

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
pyopenssl
Client/Desktop applications / Other client software

Vendor: Python Cryptographic Authority

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error during improper handling of X509 objects. A remote unauthenticated attacker can send a specially crafted request that submits malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation
Update to version 17.5.0.

Vulnerable software versions

pyopenssl: 0.1 - 17.4

External links
https://github.com/pyca/pyopenssl/pull/723

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for python-pyOpenSSL

OpenSUSE Linux update for python-cryptography

Use-after-free error in py-openssl (Alpine package)

Red Hat update for pyOpenSSL

Multiple vulnerabilities in Python Cryptographic Authority pyopenssl