Miggo Logo

CVE-2018-1000872: PyKMIP Denial of service vulnerability

6.5

CVSS Score
3.0

Basic Information

EPSS Score
0.51495%
Published
12/21/2018
Updated
10/23/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
pykmippip< 0.8.00.8.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from two key issues in server.py: 1) Missing socket timeout configuration during socket creation (no socket.setdefaulttimeout(10)), allowing accept() to block indefinitely. 2) Lack of explicit handling for socket.timeout exceptions in the accept() loop, preventing recovery from hung connections. The commit 3a7b880 explicitly addresses both by adding the timeout configuration and exception handling, confirming these were the vulnerable points. The serve() method's accept() loop is the critical path where resource exhaustion occurs.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Op*nKMIP PyKMIP v*rsion *ll v*rsions ***or* *.*.* *ont*ins * *W* ***: R*sour** M*n***m*nt *rrors (simil*r issu* to *V*-****-****) vuln*r**ility in PyKMIP s*rv*r t**t **n r*sult in *OS: t** s*rv*r **n ** m*** un*v*il**l* *y on* or mor* *li*nts op*nin*

Reasoning

T** vuln*r**ility st*ms *rom two k*y issu*s in `s*rv*r.py`: *) Missin* so*k*t tim*out *on*i*ur*tion *urin* so*k*t *r**tion (no `so*k*t.s*t****ulttim*out(**)`), *llowin* `****pt()` to *lo*k in***init*ly. *) L**k o* *xpli*it **n*lin* *or `so*k*t.tim*ou