PT-2018-9532 · Openssl+2 · Pyopenssl+2

Reaperhulk

Publicado

2018-10-08

Atualizado

2024-05-13

CVE-2018-1000808

CVSS v4.0

8.2

Alta

Vetor

AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions pyopenssl versions prior to 17.5.0

Description The issue is related to a memory management problem in the PKCS #12 Store of pyopenssl, which can lead to a denial of service if memory runs low or is exhausted. This can be exploited by initiating a TLS connection or any action that causes the calling application to reload certificates from a PKCS #12 store, potentially allowing a remote attacker to consume resources. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For versions prior to 17.5.0, update to version 17.5.0 or later to resolve the issue. As a temporary workaround, consider restricting operations on PKCS #12 stores to minimize the risk of exploitation. Avoid initiating unnecessary TLS connections or actions that cause the calling application to reload certificates from a PKCS #12 store until the issue is resolved.

Correção

DoS

Memory Leak

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-401CWE-404

Identificadores relacionados

CVE-2018-1000808

GHSA-2RCM-PHC9-3945

OPENSUSE-SU-2019_1104-1

PYSEC-2018-24

RHSA-2019:0085

SUSE-RU-2019:1161-1

SUSE-SU-2018:4063-1

SUSE-SU-2024:1626-1

USN-3813-1

Produtos afetados

Suse

Ubuntu

Pyopenssl

PT-2018-9532 · Openssl+2 · Pyopenssl+2

CVE-2018-1000808

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 84