PT-2018-9594 · Python Key Management Interoperability Protocol · Pykmip

Stevebriskin

Published

2018-12-20

Updated

2019-10-03

CVE-2018-1000872

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: PyKMIP version prior to 0.8.0

Description: The issue is related to resource management errors, where the PyKMIP server can be made unavailable due to one or more clients opening all available sockets and never closing them. This can result in a denial-of-service (DOS) condition.

Recommendations: For versions prior to 0.8.0, update to version 0.8.0 to resolve the issue. As a temporary workaround, consider restricting access to the PyKMIP server to minimize the risk of exploitation.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2018-1000872

GHSA-GFV6-CJ92-G3HX

PYSEC-2018-22

SUSE-SU-2019:0391-1

SUSE-SU-2019:1450-1

Affected Products

Pykmip

PT-2018-9594 · Python Key Management Interoperability Protocol · Pykmip

CVE-2018-1000872

Weakness Enumeration

Related Identifiers

Affected Products

References · 38