{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35269?format=json","vulnerability_id":"VCID-h5j7-qc1s-u7er","summary":"Python Cryptographic Authority pyopenssl versions prior to 17.5.0 contain a CWE-416: Use After Free vulnerability in X509 object handling that can lead to possible denial of service or remote code execution. Whether this attack is exploitable appears to depend on the calling application and whether it retains a reference to the memory. This vulnerability appears to have been fixed in 17.5.0.","aliases":[{"alias":"CVE-2018-1000807"},{"alias":"GHSA-p28m-34f6-967q"},{"alias":"PYSEC-2018-23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/12079?format=json","purl":"pkg:pypi/pyopenssl@17.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.5.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7684?format=json","purl":"pkg:pypi/pyopenssl@0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/7685?format=json","purl":"pkg:pypi/pyopenssl@0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/7686?format=json","purl":"pkg:pypi/pyopenssl@0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages
/pkg:pypi/pyopenssl@0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/7687?format=json","purl":"pkg:pypi/pyopenssl@0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/7688?format=json","purl":"pkg:pypi/pyopenssl@0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/7689?format=json","purl":"pkg:pypi/pyopenssl@0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/7690?format=json","purl":"pkg:pypi/pyopenssl@0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/7691?format=json","purl":"pkg:pypi/pyopenssl@0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"},{"vulnerability":"VCID-m9tf-ap7w-gfbm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/7692?format=json","purl":"pkg:pypi/pyopenssl@0.13.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulne
rability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.13.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12068?format=json","purl":"pkg:pypi/pyopenssl@0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/12069?format=json","purl":"pkg:pypi/pyopenssl@0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/12070?format=json","purl":"pkg:pypi/pyopenssl@0.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@0.15.1"},{"url":"http://public2.vulnerablecode.io/api/packages/12071?format=json","purl":"pkg:pypi/pyopenssl@16.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@16.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12072?format=json","purl":"pkg:pypi/pyopenssl@16.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@16.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12073?format=json","purl":"pkg:pypi/pyopenssl@16.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerabili
ty":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@16.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12074?format=json","purl":"pkg:pypi/pyopenssl@17.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12075?format=json","purl":"pkg:pypi/pyopenssl@17.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12076?format=json","purl":"pkg:pypi/pyopenssl@17.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12077?format=json","purl":"pkg:pypi/pyopenssl@17.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/12078?format=json","purl":"pkg:pypi/pyopenssl@17.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-de5n-619s-vugq"},{"vulnerability":"VCID-h5j7-qc1s-u7er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pyopenssl@17.4.0"}],"references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html"},{"refere
nce_url":"https://access.redhat.com/errata/RHSA-2019:0085","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0085"},{"reference_url":"https://github.com/advisories/GHSA-p28m-34f6-967q","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p28m-34f6-967q"},{"reference_url":"https://github.com/pyca/pyopenssl","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pyca/pyopenssl"},{"reference_url":"https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509"},{"reference_url":"https://github.com/pyca/pyopenssl/pull/723","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pyca/pyopenssl/pull/723"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-23.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-23.yaml"},{"reference_url":"https://usn.ubuntu.com/3813-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3813-1"},{"reference_url":"https://usn.ubuntu.com/3813-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3813-1/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000807","reference_id":"CVE-2018-1000807","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000807"}],"weaknesses":[{"cwe_id":416,"name":"Use After Free","description":"Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 
2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h5j7-qc1s-u7er"}