Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pyopenssl@0.7
Type pypi
Namespace
Name pyopenssl
Version 0.7
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 17.5.0
Latest_non_vulnerable_version 17.5.0
Affected_by_vulnerabilities
0
url VCID-de5n-619s-vugq
vulnerability_id VCID-de5n-619s-vugq
summary Python Cryptographic Authority pyopenssl before version 17.5.0 contains a CWE-401 (Failure to Release Memory Before Removing Last Reference) vulnerability in the PKCS #12 store that can result in denial of service if memory runs low or is exhausted. Whether the attack is exploitable appears to depend on the calling application; it could be as simple as initiating a TLS connection, or anything that would cause the calling application to reload certificates from a PKCS #12 store. This vulnerability appears to have been fixed in 17.5.0.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:0085
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0085
2
reference_url https://github.com/advisories/GHSA-2rcm-phc9-3945
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2rcm-phc9-3945
3
reference_url https://github.com/pyca/pyopenssl
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl
4
reference_url https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
5
reference_url https://github.com/pyca/pyopenssl/pull/723
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl/pull/723
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-24.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-24.yaml
7
reference_url https://usn.ubuntu.com/3813-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3813-1
8
reference_url https://usn.ubuntu.com/3813-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3813-1/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000808
reference_id CVE-2018-1000808
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000808
fixed_packages
0
url pkg:pypi/pyopenssl@17.5.0
purl pkg:pypi/pyopenssl@17.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.5.0
aliases CVE-2018-1000808, GHSA-2rcm-phc9-3945, PYSEC-2018-24
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de5n-619s-vugq
1
url VCID-h5j7-qc1s-u7er
vulnerability_id VCID-h5j7-qc1s-u7er
summary Python Cryptographic Authority pyopenssl prior to version 17.5.0 contains a CWE-416 (Use After Free) vulnerability in X509 object handling that can lead to possible denial of service or remote code execution. Whether the attack is exploitable appears to depend on the calling application and on whether it retains a reference to the memory. This vulnerability appears to have been fixed in 17.5.0.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:0085
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0085
2
reference_url https://github.com/advisories/GHSA-p28m-34f6-967q
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-p28m-34f6-967q
3
reference_url https://github.com/pyca/pyopenssl
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl
4
reference_url https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
5
reference_url https://github.com/pyca/pyopenssl/pull/723
reference_id
reference_type
scores
url https://github.com/pyca/pyopenssl/pull/723
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-23.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-23.yaml
7
reference_url https://usn.ubuntu.com/3813-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3813-1
8
reference_url https://usn.ubuntu.com/3813-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3813-1/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000807
reference_id CVE-2018-1000807
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000807
fixed_packages
0
url pkg:pypi/pyopenssl@17.5.0
purl pkg:pypi/pyopenssl@17.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.5.0
aliases CVE-2018-1000807, GHSA-p28m-34f6-967q, PYSEC-2018-23
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h5j7-qc1s-u7er
2
url VCID-m9tf-ap7w-gfbm
vulnerability_id VCID-m9tf-ap7w-gfbm
summary The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-11/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2013-11/msg00015.html
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1005325
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1005325
2
reference_url https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
reference_id
reference_type
scores
url https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html
3
reference_url http://www.debian.org/security/2013/dsa-2763
reference_id
reference_type
scores
url http://www.debian.org/security/2013/dsa-2763
4
reference_url http://www.openwall.com/lists/oss-security/2013/09/06/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/09/06/2
5
reference_url http://www.ubuntu.com/usn/USN-1965-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1965-1
fixed_packages
0
url pkg:pypi/pyopenssl@0.13.1
purl pkg:pypi/pyopenssl@0.13.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-de5n-619s-vugq
1
vulnerability VCID-h5j7-qc1s-u7er
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.13.1
aliases CVE-2013-4314, PYSEC-2013-31
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9tf-ap7w-gfbm
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.7