8.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2018-1000807

GHSA ID

GHSA-p28m-34f6-967q

EPSS Score

0.88745%

CWE

CWE-416

Published

10/10/2018

Updated

10/15/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1000807

CVE-2018-1000807: PyOpenSSL Use-After-Free vulnerability

It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This attack appears to be exploitable via Depends on the calling application and if it retains a reference to the memory. This vulnerability appears to have been fixed in 17.5.0.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2018-1000807

CVE-2018-1000807:

8.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2018-1000807

GHSA ID

GHSA-p28m-34f6-967q

EPSS Score

0.88745%

CWE

CWE-416

Published

10/10/2018

Updated

10/15/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pyopenssl	pip	< 17.5.0	17.5.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows critical changes in X509 object handling:

In SSL.py's verify callback wrapper, the original code created X509 objects via new + direct _x509 assignment without calling X509_up_ref, leaving Python objects referencing potentially freed memory.
In crypto.py's PKCS12 loading, X509 objects were constructed from OpenSSL stack pointers without proper reference counting, causing leaks and UAF. The fixes introduced X509_up_ref and _from_raw_x509_ptr to manage ownership correctly. The vulnerability manifests when applications retain references to these improperly managed X509 objects.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2018-1000807: PyOpenSSL Use-After-Free vulnerability

CVE-2018-1000807:

8.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

8.1

8.1

Basic Information

Basic Information

CVE-2018-1000807: PyOpenSSL Use-After-Free vulnerability

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI