Python Cryptographic Authority pyopenssl X509 Object Handling Use-After-Free Vulnerability



A vulnerability in Python Cryptographic Authority pyopenssl could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper handling of X509 objects by the affected software. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could trigger a use-after-free condition that the attacker could use to execute arbitrary code or cause a DoS condition.

Python Cryptographic Authority has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-1000807

Source: Cisco Multivendor Vulnerability Alerts