CVE-2018-1000807: PyOpenSSL Use-After-Free vulnerability

CVSS Score: 8.1 (CVSS 3.1)

Basic Information

EPSS Score: 0.88745%
Published: 10/10/2018
Updated: 10/15/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: pyopenssl
Ecosystem: pip
Vulnerable Versions: < 17.5.0
First Patched Version: 17.5.0

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The commit diff shows critical changes in X509 object handling:

  1. In SSL.py's verify callback wrapper, the original code created X509 objects via __new__ plus a direct _x509 assignment, without calling X509_up_ref. This left Python objects referencing potentially freed memory.
  2. In crypto.py's PKCS12 loading, X509 objects were constructed from OpenSSL stack pointers without proper reference counting, causing leaks and use-after-free (UAF).

The fixes introduced X509_up_ref and _from_raw_x509_ptr to manage ownership correctly. The vulnerability manifests when applications retain references to these improperly managed X509 objects.
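The ownership problem described above, as an added pure-Python model (not pyOpenSSL or OpenSSL code): NativeCert, CertWrapper and retain_past_callback are hypothetical names, and up_ref/free only imitate what X509_up_ref and X509_free do to a reference count.

```python
# Added model (not pyOpenSSL code): a refcounted native object wrapped two ways.

class NativeCert:
    """Constructed stand-in for an OpenSSL X509 struct with a reference count."""
    def __init__(self, subject):
        self.subject, self.refs, self.freed = subject, 1, False

def up_ref(native):
    """Models X509_up_ref: the caller becomes a co-owner."""
    native.refs += 1

def free(native):
    """Models X509_free: drop one reference, release the memory at zero."""
    native.refs -= 1
    if native.refs == 0:
        native.freed, native.subject = True, None

class CertWrapper:
    """Hypothetical Python-side wrapper holding a pointer to the native cert."""
    def __init__(self, native, take_ref):
        if take_ref:
            up_ref(native)      # fixed pattern: the wrapper owns a reference
        self._x509 = native     # pointer copied either way; without up_ref it is only borrowed
        self._owns = take_ref

    def get_subject(self):
        if self._x509.freed:
            raise RuntimeError("use after free: native cert already released")
        return self._x509.subject

    def close(self):
        if self._owns:
            free(self._x509)
            self._owns = False

def retain_past_callback(take_ref):
    """The library hands a cert to a callback, the application keeps the
    wrapper, then the library drops its own reference."""
    native = NativeCert("CN=example.test")      # constructed sample value
    retained = CertWrapper(native, take_ref)    # application stores this
    free(native)                                # library is done with the cert
    try:
        return retained.get_subject()
    except RuntimeError as exc:
        return str(exc)
    finally:
        retained.close()

if __name__ == "__main__":
    print("borrowed:", retain_past_callback(False))
    print("owned:   ", retain_past_callback(True))
```

In real native code the borrowed case does not raise a clean error; the wrapper reads memory that has already been released, which is why upgrading to 17.5.0 or later is the fix.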

WAF Protection Rules

WAF Rule

It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This attack appears to …
