First published: Mon Oct 08 2018
It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS #12 store. A remote attacker could possibly use this issue to cause pyOpenSSL to consume resources, resulting in a denial of service. Whether the issue is exploitable depends on the calling application; however, it could be as simple as initiating a TLS connection that causes the calling application to reload certificates from a PKCS #12 store. This vulnerability appears to have been fixed in 17.5.0.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
pip/pyopenssl | <17.5.0 | 17.5.0 |
Pyopenssl Project Pyopenssl | <17.5.0 | |
Canonical Ubuntu Linux | =16.04 | |
Redhat Gluster Storage | =3.0 | |
Redhat Openstack | =13 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
redhat/pyOpenSSL | <17.5.0 | 17.5.0 |
debian/pyopenssl | | 20.0.1-1 23.0.0-1 24.2.1-1 |
The vulnerability ID for pyOpenSSL is CVE-2018-1000808.
CVE-2018-1000808 has a severity rating of 5.9, which is considered medium.
CVE-2018-1000808 can be exploited by an attacker who causes pyOpenSSL to consume memory while handling a PKCS #12 store (for example, by triggering a TLS connection that makes the calling application reload certificates from the store), resulting in a denial of service.
To fix the CVE-2018-1000808 vulnerability in pyOpenSSL, update to version 17.5.0 or above.
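The following added example (not part of this advisory or of the pyOpenSSL project) checks versions against the 17.5.0 fix threshold numerically rather than lexically, so that 17.10.0 is correctly treated as fixed and pre-releases such as 17.5.0.dev1 as still affected; the host inventory is a constructed sample.

```python
"""Audit pyOpenSSL versions against the CVE-2018-1000808 fix release (17.5.0)."""
import re
from importlib import metadata

FIXED_IN = (17, 5, 0, 1)  # (major, minor, patch, is_final): first fixed release
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(version: str) -> tuple:
    """Return (major, minor, patch, is_final); pre-releases sort before the
    final release they precede, e.g. 17.5.0.dev1 < 17.5.0 <= 17.5.0.post1."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, rest = match.groups()
    is_final = rest == "" or rest.startswith(".post")
    return (int(major), int(minor), int(patch or 0), 1 if is_final else 0)


def is_vulnerable(version: str) -> bool:
    """True when the version is below 17.5.0 (numeric comparison, not string)."""
    return parse_version(version) < FIXED_IN


def installed_status(dist_name: str = "pyOpenSSL") -> str:
    """Report the status of the pyOpenSSL distribution in this interpreter."""
    try:
        version = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return "not installed"
    return f"{version}: {'VULNERABLE' if is_vulnerable(version) else 'fixed'}"


# Constructed sample inventory (hostname -> pyOpenSSL version), not real hosts.
INVENTORY = {
    "web-01": "17.3.0",
    "web-02": "17.5.0",
    "batch-07": "17.10.0",      # lexically "less than" 17.5.0, numerically newer
    "ci-runner": "17.5.0.dev1", # pre-release of the fix version: still affected
}


def audit(inventory: dict) -> list:
    """Return the sorted hostnames that still carry a vulnerable pyOpenSSL."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


if __name__ == "__main__":
    print("vulnerable hosts:", audit(INVENTORY))
    print("local interpreter:", installed_status())
```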
You can find more information about CVE-2018-1000808 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-1000808), [GitHub](https://github.com/pyca/pyopenssl/pull/723), [Red Hat](https://access.redhat.com/errata/RHSA-2019:0085).