Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pyopenssl@17.5.0
Type pypi
Namespace
Name pyopenssl
Version 17.5.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-de5n-619s-vugq
vulnerability_id VCID-de5n-619s-vugq
summary Python Cryptographic Authority pyopenssl before version 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in the PKCS #12 store that can result in denial of service if memory runs low or is exhausted. This attack appears to be exploitable depending on the calling application; however, it could be as simple as initiating a TLS connection, or anything that would cause the calling application to reload certificates from a PKCS #12 store. This vulnerability appears to have been fixed in 17.5.0.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:0085
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0085
2
reference_url https://github.com/advisories/GHSA-2rcm-phc9-3945
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2rcm-phc9-3945
3
reference_url https://github.com/pyca/pyopenssl
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl
4
reference_url https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
5
reference_url https://github.com/pyca/pyopenssl/pull/723
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl/pull/723
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-24.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-24.yaml
7
reference_url https://usn.ubuntu.com/3813-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3813-1
8
reference_url https://usn.ubuntu.com/3813-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3813-1/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000808
reference_id CVE-2018-1000808
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000808
fixed_packages
0
url pkg:pypi/pyopenssl@17.5.0
purl pkg:pypi/pyopenssl@17.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.5.0
aliases CVE-2018-1000808, GHSA-2rcm-phc9-3945, PYSEC-2018-24
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de5n-619s-vugq
1
url VCID-h5j7-qc1s-u7er
vulnerability_id VCID-h5j7-qc1s-u7er
summary Python Cryptographic Authority pyopenssl prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in a use after free, which can lead to possible denial of service or remote code execution. This attack appears to be exploitable depending on the calling application and whether it retains a reference to the memory. This vulnerability appears to have been fixed in 17.5.0.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:0085
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0085
2
reference_url https://github.com/advisories/GHSA-p28m-34f6-967q
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-p28m-34f6-967q
3
reference_url https://github.com/pyca/pyopenssl
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl
4
reference_url https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
5
reference_url https://github.com/pyca/pyopenssl/pull/723
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl/pull/723
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-23.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-23.yaml
7
reference_url https://usn.ubuntu.com/3813-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3813-1
8
reference_url https://usn.ubuntu.com/3813-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3813-1/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000807
reference_id CVE-2018-1000807
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000807
fixed_packages
0
url pkg:pypi/pyopenssl@17.5.0
purl pkg:pypi/pyopenssl@17.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.5.0
aliases CVE-2018-1000807, GHSA-p28m-34f6-967q, PYSEC-2018-23
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h5j7-qc1s-u7er
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.5.0