Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2018-1000808
HistoryOct 08, 2018 - 12:00 a.m.

CVE-2018-1000808

2018-10-0800:00:00
ubuntu.com
ubuntu.com
4

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.8%

JSON

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a
CWE - 401 : Failure to Release Memory Before Removing Last Reference
vulnerability in PKCS #12 Store that can result in Denial of service if
memory runs low or is exhausted. This attack appear to be exploitable via
Depends upon calling application, however it could be as simple as
initiating a TLS connection. Anything that would cause the calling
application to reload certificates from a PKCS #12 store… This
vulnerability appears to have been fixed in 17.5.0.

Notes

Author Note
mdeslaur requires python-cryptography 2.1.4 which adds X509_up_ref, see https://github.com/pyca/cryptography/pull/4028
OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchpyopenssl< 0.15.1-2ubuntu0.2UNKNOWN

Related

nessus 15
cve 1
osv 3
nvd 1
veracode 1
alpinelinux 1
prion 1
cvelist 1
github 1
debiancve 1
redhatcve 1
openvas 7
redhat 1
ubuntu 1
suse 1
nessus
nessus
RHEL 6 : pyopenssl (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : pyopenssl (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : pyopenssl (Unpatched Vulnerability)
2024-06-03 00:00:00
cve
cve
CVE-2018-1000808
2018-10-08 15:29:00
osv
osv
CVE-2018-1000808
2018-10-08 15:29:00
Pyopenssl Incorrect Memory Management
2018-10-10 16:10:23
PYSEC-2018-24
2018-10-08 15:29:00
nvd
nvd
CVE-2018-1000808
2018-10-08 15:29:00
veracode
veracode
Denial Of Service (DoS)
2018-10-09 05:15:02
alpinelinux
alpinelinux
CVE-2018-1000808
2018-10-08 15:29:00
prion
prion
Memory corruption
2018-10-08 15:29:00
cvelist
cvelist
CVE-2018-1000808
2018-10-08 15:00:00
github
github
Pyopenssl Incorrect Memory Management
2018-10-10 16:10:23
debiancve
debiancve
CVE-2018-1000808
2018-10-08 15:29:00
redhatcve
redhatcve
CVE-2018-1000808
2018-10-17 15:19:32
openvas
openvas
Huawei EulerOS: Security Advisory for pyOpenSSL (EulerOS-SA-2020-1320)
2020-03-24 00:00:00
Huawei EulerOS: Security Advisory for pyOpenSSL (EulerOS-SA-2023-1283)
2023-01-31 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1626-1)
2024-05-14 00:00:00
redhat
redhat
(RHSA-2019:0085) Moderate: pyOpenSSL security and bug fix update
2019-01-16 17:04:10
ubuntu
ubuntu
pyOpenSSL vulnerabilities
2018-11-08 00:00:00
suse
suse
Security update for python-cryptography, python-pyOpenSSL (important)
2019-04-02 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.8%

JSON
Related for UB:CVE-2018-1000808
nessus15cve1osv3nvd1veracode1alpinelinux1prion1cvelist1github1debiancve1redhatcve1openvas7redhat1ubuntu1suse1