CVE-2018-1000872

OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appear to be exploitable via A client or clients open sockets with the server and then never close them. This vulnerability appears to have been fixed in 0.8.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
pykmip_projectpykmip
𝑥
< 0.8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-pykmip
bullseye
0.10.0-3
fixed
bookworm
0.10.0-4
fixed
sid
0.10.0-7
fixed
trixie
0.10.0-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-pykmip
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
groovy
ignored
focal
needs-triage
eoan
ignored
disco
ignored
cosmic
ignored
bionic
needs-triage
xenial
needs-triage
trusty
dne
Common Weakness Enumeration
References
https://github.com/OpenKMIP/PyKMIP/issues/430
https://github.com/OpenKMIP/PyKMIP/issues/430