Vulnerability details: VCID-9uuq-2wcq-cbf1
Vulnerability ID VCID-9uuq-2wcq-cbf1
Aliases CVE-2018-1000807
GHSA-p28m-34f6-967q
PYSEC-2018-23
Summary Python Cryptographic Authority pyopenssl versions prior to 17.5.0 contain a CWE-416: Use After Free vulnerability in X509 object handling that can lead to possible denial of service or remote code execution. Whether this attack is exploitable depends on the calling application and on whether it retains a reference to the memory. This vulnerability appears to have been fixed in 17.5.0.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 8.1 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
cvssv3.1 8.1 https://access.redhat.com/errata/RHSA-2019:0085
generic_textual HIGH https://access.redhat.com/errata/RHSA-2019:0085
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000807.json
epss 0.02881 https://api.first.org/data/v1/epss?cve=CVE-2018-1000807
epss 0.0303 https://api.first.org/data/v1/epss?cve=CVE-2018-1000807
cvssv3 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-p28m-34f6-967q
cvssv3.1 8.1 https://github.com/pyca/pyopenssl
generic_textual HIGH https://github.com/pyca/pyopenssl
cvssv3.1 8.1 https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
generic_textual HIGH https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
cvssv3.1 8.1 https://github.com/pyca/pyopenssl/pull/723
generic_textual HIGH https://github.com/pyca/pyopenssl/pull/723
cvssv3.1 8.1 https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-23.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-23.yaml
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2018-1000807
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2018-1000807
cvssv3.1 8.1 https://usn.ubuntu.com/3813-1
generic_textual HIGH https://usn.ubuntu.com/3813-1
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2019:0085
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000807.json
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pyca/pyopenssl
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pyca/pyopenssl/pull/723
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-23.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1000807
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/3813-1
Exploit Prediction Scoring System (EPSS)
Percentile 0.86328
EPSS Score 0.02881
Published At April 24, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:41:49.955364+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/pyopenssl/PYSEC-2018-23.yaml 38.0.0