2249750 – (CVE-2022-48564) CVE-2022-48564 python: DoS when processing malformed Apple Property List files in binary format

Bug 2249750 (CVE-2022-48564) - CVE-2022-48564 python: DoS when processing malformed Apple Property List files in binary format

Summary: CVE-2022-48564 python: DoS when processing malformed Apple Property List file...

Keywords:
Status:	NEW
Alias:	CVE-2022-48564
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2250587 2250588 2250589
Blocks:	2249765
TreeView+	depends on / blocked

Reported:	2023-11-15 07:28 UTC by TEJ RATHI
Modified:	2024-04-04 12:33 UTC (History)
CC List:	4 users (show)
Fixed In Version:	python 3.10.0, python 3.9.1, python 3.8.7, python 3.7.10, python 3.6.13
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:0114	None	None	None	2024-01-10 11:29:39 UTC
Red Hat Product Errata	RHSA-2024:0430	None	None	None	2024-01-24 16:49:40 UTC
Red Hat Product Errata	RHSA-2024:0586	None	None	None	2024-01-30 13:25:14 UTC

Description TEJ RATHI 2023-11-15 07:28:11 UTC

The Python's read_ints() in plistlib.py is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

https://bugs.python.org/issue42103
https://github.com/python/cpython/issues/86269
https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f (v3.10.0a2)
https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a (v3.9.1rc1)
https://github.com/python/cpython/commit/547d2bcc55e348043b2f338027c1acd9549ada76 (v3.8.7rc1)
https://github.com/python/cpython/commit/225e3659556616ad70186e7efc02baeebfeb5ec4 (v3.7.10)
https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4 (v3.6.13)

Comment 4 Sandipan Roy 2023-11-20 05:25:15 UTC

Created python3.11 tracking bugs for this issue:

Affects: fedora-all [bug 2250587]


Created python3.12 tracking bugs for this issue:

Affects: fedora-all [bug 2250588]


Created python3.13 tracking bugs for this issue:

Affects: fedora-all [bug 2250589]

Comment 5 errata-xmlrpc 2024-01-10 11:29:38 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0114 https://access.redhat.com/errata/RHSA-2024:0114

Comment 6 errata-xmlrpc 2024-01-24 16:49:39 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0430 https://access.redhat.com/errata/RHSA-2024:0430

Comment 7 errata-xmlrpc 2024-01-30 13:25:12 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0586 https://access.redhat.com/errata/RHSA-2024:0586

Note You need to log in before you can comment on or make changes to this bug.