{"id":"GHSA-p28m-34f6-967q","summary":"PyOpenSSL Use-After-Free vulnerability","details":"It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This attack appears to be exploitable via Depends on the calling application and if it retains a reference to the memory. This vulnerability appears to have been fixed in 17.5.0.","aliases":["CVE-2018-1000807","PYSEC-2018-23"],"modified":"2024-10-15T16:39:23.634847Z","published":"2018-10-10T16:10:38Z","database_specific":{"severity":"HIGH","github_reviewed":true,"nvd_published_at":"2018-10-08T15:29:00Z","github_reviewed_at":"2020-06-16T21:47:43Z","cwe_ids":["CWE-416"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000807"},{"type":"WEB","url":"https://github.com/pyca/pyopenssl/pull/723"},{"type":"WEB","url":"https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2019:0085"},{"type":"PACKAGE","url":"https://github.com/pyca/pyopenssl"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-23.yaml"},{"type":"WEB","url":"https://usn.ubuntu.com/3813-1"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"}],"affected":[{"package":{"name":"pyopenssl","ecosystem":"PyPI","purl":"pkg:pypi/pyopenssl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"17.5.0"}]}],"versions":["0.10","0.11","0.12","0.13","0.13.1","0.14","0.15","0.15.1","0.6","0.7","0.8","0.9","16.0.0","16.1.0","16.2.0","17.0.0","17.1.0","17.2.0","17.3.0","17.4.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-p28m-34f6-967q/GHSA-p28m-34f6-967q.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}