{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35268?format=json","vulnerability_id":"VCID-de5n-619s-vugq","summary":"Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0.","aliases":[{"alias":"CVE-2018-1000808"},{"alias":"GHSA-2rcm-phc9-3945"},{"alias":"PYSEC-2018-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12079?format=json","purl":"pkg:pypi/pyopenssl@17.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.5.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7684?format=json","purl":"pkg:pypi/pyopenssl@0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7685?format=json","purl":"pkg:pypi/pyopenssl@0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/7686?format=json","purl":"pkg:pypi/pyopenssl@0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/7687?format=json","purl":"pkg:pypi/pyopenssl@0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/7688?format=json","purl":"pkg:pypi/pyopenssl@0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/7689?format=json","purl":"pkg:pypi/pyopenssl@0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/7690?format=json","purl":"pkg:pypi/pyopenssl@0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/7691?format=json","purl":"pkg:pypi/pyopenssl@0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/7692?format=json","purl":"pkg:pypi/pyopenssl@0.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.13.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12068?format=json","purl":"pkg:pypi/pyopenssl@0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/12069?format=json","purl":"pkg:pypi/pyopenssl@0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/12070?format=json","purl":"pkg:pypi/pyopenssl@0.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.15.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12071?format=json","purl":"pkg:pypi/pyopenssl@16.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@16.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12072?format=json","purl":"pkg:pypi/pyopenssl@16.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@16.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12073?format=json","purl":"pkg:pypi/pyopenssl@16.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@16.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12074?format=json","purl":"pkg:pypi/pyopenssl@17.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12075?format=json","purl":"pkg:pypi/pyopenssl@17.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12076?format=json","purl":"pkg:pypi/pyopenssl@17.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12077?format=json","purl":"pkg:pypi/pyopenssl@17.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12078?format=json","purl":"pkg:pypi/pyopenssl@17.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.4.0"}],"references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0085","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0085"},{"reference_url":"https://github.com/advisories/GHSA-2rcm-phc9-3945","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2rcm-phc9-3945"},{"reference_url":"https://github.com/pyca/pyopenssl","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pyca/pyopenssl"},{"reference_url":"https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"},{"reference_url":"https://github.com/pyca/pyopenssl/pull/723","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pyca/pyopenssl/pull/723"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-24.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-24.yaml"},{"reference_url":"https://usn.ubuntu.com/3813-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3813-1"},{"reference_url":"https://usn.ubuntu.com/3813-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3813-1/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000808","reference_id":"CVE-2018-1000808","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000808"}],"weaknesses":[{"cwe_id":401,"name":"Missing Release of Memory after Effective Lifetime","description":"The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory."},{"cwe_id":404,"name":"Improper Resource Shutdown or Release","description":"The product does not release or incorrectly releases a resource before it is made available for re-use."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-de5n-619s-vugq"}