CVE-2018-1000808

CVSS v4.0

8.2

High

Vector

AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions pyopenssl versions prior to 17.5.0

Description The issue is related to a memory management problem in the PKCS #12 Store of pyopenssl, which can lead to a denial of service if memory runs low or is exhausted. This can be exploited by initiating a TLS connection or any action that causes the calling application to reload certificates from a PKCS #12 store, potentially allowing a remote attacker to consume resources. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For versions prior to 17.5.0, update to version 17.5.0 or later to resolve the issue. As a temporary workaround, consider restricting operations on PKCS #12 stores to minimize the risk of exploitation. Avoid initiating unnecessary TLS connections or actions that cause the calling application to reload certificates from a PKCS #12 store until the issue is resolved.

Fix

DoS

Memory Leak

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-404

Related Identifiers

CVE-2018-1000808

GHSA-2RCM-PHC9-3945

OPENSUSE-SU-2019_1104-1

PYSEC-2018-24

RHSA-2019:0085

SUSE-RU-2019:1161-1

SUSE-SU-2018:4063-1

SUSE-SU-2024:1626-1

USN-3813-1

Affected Products

Suse

Ubuntu

Pyopenssl

CVE-2018-1000808

Weakness Enumeration

Related Identifiers

Affected Products

References · 84