GHSA-p28m-34f6-967q · Severity: high · Ecosystem: pip — PyOpenSSL Use-After-Free vulnerability
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.
Conclusion & alert: CVE-2018-1000807 is rated Moderate Risk (62.5/100): CVSS High severity, with medium exploitation likelihood (EPSS 2.88%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-04-24 | 3.03% | 2.88% | -0.15% |
| 2 | 2025-12-05 | 5.33% | 3.03% | -2.30% |
| 3 | 2025-12-02 | — | 5.33% | — |
Full EPSS history (21 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.1 | 3.1 | HIGH |
|
2.2 | 5.9 | [email protected] |
| 6.8 | 2.0 | MEDIUM |
|
8.6 | 6.4 | [email protected] |
GHSA-p28m-34f6-967q · Severity: high · Ecosystem: pip — PyOpenSSL Use-After-Free vulnerability
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2018-1000807 not yet assigned priority: Debian including 1 source packages (pyopenssl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2018-1000807 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2018-1000807 |
suse
|
high | CVE-2018-1000807 severity important: SUSE including 461 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 981 product×package rows across 86 product lines (HPE Helion OpenStack 8, Image SLES12-SP5-Azure-BYOS, … (86 product lines)): Fixed 687, Known Affected 231, Known Not Affected 63. | https://www.suse.com/security/cve/CVE-2018-1000807/ |
ubuntu
|
medium | CVE-2018-1000807 medium priority: Ubuntu including 1 source packages (pyopenssl), 5 status rows across 5 suites (bionic, cosmic, trusty, upstream, xenial): not-affected 3, released 2. | https://ubuntu.com/security/CVE-2018-1000807 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| pyopenssl | pyopenssl | < 17.5.0 | cpe:2.3:a:pyopenssl:pyopenssl:*:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 16.04 | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* |
| redhat | openstack | 13 | cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:* |
| redhat | enterprise_linux_desktop | 7.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server | 7.0 | cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_workstation | 7.0 | cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html | Mailing List Third Party Advisory |
| https://access.redhat.com/errata/RHSA-2019:0085 | Third Party Advisory |
| https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509 | |
| https://github.com/pyca/pyopenssl/pull/723 | Patch Third Party Advisory |
| https://usn.ubuntu.com/3813-1/ | Third Party Advisory |