CVE-2018-1000807 — HIGH (8.1)

Q: How severe is CVE-2018-1000807?

CVE-2018-1000807 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-1000807?

Check the references section above for vendor advisories and patch information. Affected products include: Pyopenssl Pyopenssl, Canonical Ubuntu Linux, Redhat Openstack, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.

Vulnerability Description

Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pyopenssl	Pyopenssl	< 17.5.0
Canonical	Ubuntu Linux	16.04
Redhat	Openstack	13
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Workstation	7.0

Related Weaknesses (CWE)

CWE-416

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.htmlMailing ListThird Party Advisory
https://access.redhat.com/errata/RHSA-2019:0085Third Party Advisory
https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c350
https://github.com/pyca/pyopenssl/pull/723PatchThird Party Advisory
https://usn.ubuntu.com/3813-1/Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.htmlMailing ListThird Party Advisory
https://access.redhat.com/errata/RHSA-2019:0085Third Party Advisory
https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c350
https://github.com/pyca/pyopenssl/pull/723PatchThird Party Advisory
https://usn.ubuntu.com/3813-1/Third Party Advisory

FAQ

What is CVE-2018-1000807?

CVE-2018-1000807 is a vulnerability with a CVSS score of 8.1 (HIGH). Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible...

How severe is CVE-2018-1000807?

CVE-2018-1000807 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1000807?

Check the references section above for vendor advisories and patch information. Affected products include: Pyopenssl Pyopenssl, Canonical Ubuntu Linux, Redhat Openstack, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.