CVE-2018-1000872: PyKMIP Denial of service vulnerability
6.5
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.51495%
CWE
Published
12/21/2018
Updated
10/23/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
pykmip | pip | < 0.8.0 | 0.8.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from two key issues in server.py
: 1) Missing socket timeout configuration during socket creation (no socket.setdefaulttimeout(10)
), allowing accept()
to block indefinitely. 2) Lack of explicit handling for socket.timeout
exceptions in the accept()
loop, preventing recovery from hung connections. The commit 3a7b880
explicitly addresses both by adding the timeout configuration and exception handling, confirming these were the vulnerable points. The serve()
method's accept()
loop is the critical path where resource exhaustion occurs.