UBUNTU-CVE-2018-1000808

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2018-1000808
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000808.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2018-1000808
Related
Published
2018-10-08T00:00:00Z
Modified
2018-10-08T00:00:00Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0.

References

Affected packages

Ubuntu:16.04:LTS / pyopenssl

Package

Name
pyopenssl
Purl
pkg:deb/ubuntu/pyopenssl?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.15.1-2ubuntu0.2

Affected versions

0.*

0.15.1-2build1

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.15.1-2ubuntu0.2",
            "binary_name": "python-openssl"
        },
        {
            "binary_version": "0.15.1-2ubuntu0.2",
            "binary_name": "python-openssl-doc"
        },
        {
            "binary_version": "0.15.1-2ubuntu0.2",
            "binary_name": "python3-openssl"
        }
    ]
}

Ubuntu:18.04:LTS / pyopenssl

Package

Name
pyopenssl
Purl
pkg:deb/ubuntu/pyopenssl?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.5.0-1

Affected versions

16.*

16.2.0-1

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "17.5.0-1",
            "binary_name": "python-openssl"
        },
        {
            "binary_version": "17.5.0-1",
            "binary_name": "python-openssl-doc"
        },
        {
            "binary_version": "17.5.0-1",
            "binary_name": "python3-openssl"
        }
    ]
}