Main Vulnerability Database Vulnerabilities #VU15784

Use-after-free error in pyopenssl - CVE-2018-1000807

Published: November 9, 2018

Vulnerability identifier: #VU15784

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-1000807

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Python Cryptographic Authority

Affected software:
pyopenssl

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error during improper handling of X509 objects. A remote unauthenticated attacker can send a specially crafted request that submits malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2018-1000807

Update to version 17.5.0.

Sources

https://github.com/pyca/pyopenssl/pull/723

Use-after-free error in pyopenssl - CVE-2018-1000807

Detailed vulnerability description

How to mitigate CVE-2018-1000807

Sources

Please verify you're human