{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35203?format=json","vulnerability_id":"VCID-q2yu-yvd5-sbhs","summary":"tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line \"end_pos = data_len - 1 - mac.digest_size\" that can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng. This attack appears to be exploitable via man in the middle on a network connection. This vulnerability appears to have been fixed after commit 3674815d1b0f7484454995e2737a352e0a6a93d8.","aliases":[{"alias":"CVE-2018-1000159"},{"alias":"GHSA-cwh5-3cw7-4286"},{"alias":"PYSEC-2018-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11412?format=json","purl":"pkg:pypi/tlslite-ng@0.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.4"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/11382?format=json","purl":"pkg:pypi/tlslite-ng@0.5.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/11383?format=json","purl":"pkg:pypi/tlslite-ng@0.5.0b2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b2"},{"url":"http://public2.vulnerablecode.io/api/packages/11384?format=json","purl":"pkg:pypi/tlslite-ng@0.5.0b3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b3"},{"url":"http://public2.vulnerablecode.io/api/packages/11385?format=json","purl":"pkg:pypi/tlslite-ng@0.5.0b4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b4"},{"url":"http://public2.vulnerablecode.io/api/packages/11386?format=json","purl":"pkg:pypi/tlslite-ng@0.5.0b5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b5"},{"url":"http://public2.vulnerablecode.io/api/packages/11387?format=json","purl":"pkg:pypi/tlslite-ng@0.5.0b6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b6"},{"url":"http://public2.vulnerablecode.io/api/packages/11388?format=json","purl":"pkg:pypi/tlslite-ng@0.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11389?format=json","purl":"pkg:pypi/tlslite-ng@0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11390?format=json","purl":"pkg:pypi/tlslite-ng@0.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/11391?format=json","purl":"pkg:pypi/tlslite-ng@0.6.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/11392?format=json","purl":"pkg:pypi/tlslite-ng@0.6.0a2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a2"},{"url":"http://public2.vulnerablecode.io/api/packages/11393?format=json","purl":"pkg:pypi/tlslite-ng@0.6.0a3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a3"},{"url":"http://public2.vulnerablecode.io/api/packages/11394?format=json","purl":"pkg:pypi/tlslite-ng@0.6.0a4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a4"},{"url":"http://public2.vulnerablecode.io/api/packages/11395?format=json","purl":"pkg:pypi/tlslite-ng@0.6.0a5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a5"},{"url":"http://public2.vulnerablecode.io/api/packages/11396?format=json","purl":"pkg:pypi/tlslite-ng@0.6.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/11397?format=json","purl":"pkg:pypi/tlslite-ng@0.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11398?format=json","purl":"pkg:pypi/tlslite-ng@0.7.0a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a1"},{"url":"http://public2.vulnerablecode.io/api/packages/11399?format=json","purl":"pkg:pypi/tlslite-ng@0.7.0a2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a2"},{"url":"http://public2.vulnerablecode.io/api/packages/11400?format=json","purl":"pkg:pypi/tlslite-ng@0.7.0a3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a3"},{"url":"http://public2.vulnerablecode.io/api/packages/11401?format=json","purl":"pkg:pypi/tlslite-ng@0.7.0a4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a4"},{"url":"http://public2.vulnerablecode.io/api/packages/11402?format=json","purl":"pkg:pypi/tlslite-ng@0.7.0a5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a5"},{"url":"http://public2.vulnerablecode.io/api/packages/11403?format=json","purl":"pkg:pypi/tlslite-ng@0.7.0a6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a6"},{"url":"http://public2.vulnerablecode.io/api/packages/11404?format=json","purl":"pkg:pypi/tlslite-ng@0.7.0a7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a7"},{"url":"http://public2.vulnerablecode.io/api/packages/11405?format=json","purl":"pkg:pypi/tlslite-ng@0.7.0a8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a8"},{"url":"http://public2.vulnerablecode.io/api/packages/11406?format=json","purl":"pkg:pypi/tlslite-ng@0.7.0a9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a9"},{"url":"http://public2.vulnerablecode.io/api/packages/11407?format=json","purl":"pkg:pypi/tlslite-ng@0.7.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/11408?format=json","purl":"pkg:pypi/tlslite-ng@0.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/11409?format=json","purl":"pkg:pypi/tlslite-ng@0.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/11410?format=json","purl":"pkg:pypi/tlslite-ng@0.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/11411?format=json","purl":"pkg:pypi/tlslite-ng@0.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5ju3-cs33-8ygx"},{"vulnerability":"VCID-q2yu-yvd5-sbhs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.3"}],"references":[{"reference_url":"https://github.com/advisories/GHSA-cwh5-3cw7-4286","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cwh5-3cw7-4286"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tlslite-ng/PYSEC-2018-31.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tlslite-ng/PYSEC-2018-31.yaml"},{"reference_url":"https://github.com/tlsfuzzer/tlslite-ng/pull/234/commits/3674815d1b0f7484454995e2737a352e0a6a93d8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tlsfuzzer/tlslite-ng/pull/234/commits/3674815d1b0f7484454995e2737a352e0a6a93d8"},{"reference_url":"https://github.com/tomato42/tlslite-ng","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tomato42/tlslite-ng"},{"reference_url":"https://github.com/tomato42/tlslite-ng/pull/234","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tomato42/tlslite-ng/pull/234"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000159","reference_id":"CVE-2018-1000159","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000159"}],"weaknesses":[{"cwe_id":354,"name":"Improper Validation of Integrity Check Value","description":"The product does not validate or incorrectly validates the integrity check values or checksums of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2yu-yvd5-sbhs"}