Bug 2249750 (CVE-2022-48564)

Summary: CVE-2022-48564 python: DoS when processing malformed Apple Property List files in binary format
Product: [Other] Security Response Reporter: TEJ RATHI <trathi>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gsuckevi, hhorak, jorton, python-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: python 3.10.0, python 3.9.1, python 3.8.7, python 3.7.10, python 3.6.13 Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Python core plistlib library within the read_ints() function in the plistlib.py file. In malformed input, the implementation can be manipulated to create an argument for struct.unpack(). This issue can lead to excessive CPU and memory consumption, resulting in a MemError, as it constructs the 'format' argument for unpack(). This flaw allows an attacker to employ a binary plist input, potentially executing a denial of service (DoS) attack by exhausting CPU and RAM resources.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2250587, 2250588, 2250589    
Bug Blocks: 2249765    

Description TEJ RATHI 2023-11-15 07:28:11 UTC 
The Python's read_ints() in plistlib.py is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

https://bugs.python.org/issue42103
https://github.com/python/cpython/issues/86269
https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f (v3.10.0a2)
https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a (v3.9.1rc1)
https://github.com/python/cpython/commit/547d2bcc55e348043b2f338027c1acd9549ada76 (v3.8.7rc1)
https://github.com/python/cpython/commit/225e3659556616ad70186e7efc02baeebfeb5ec4 (v3.7.10)
https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4 (v3.6.13)
Comment 4 Sandipan Roy 2023-11-20 05:25:15 UTC 
Created python3.11 tracking bugs for this issue:

Affects: fedora-all [bug 2250587]


Created python3.12 tracking bugs for this issue:

Affects: fedora-all [bug 2250588]


Created python3.13 tracking bugs for this issue:

Affects: fedora-all [bug 2250589]
Comment 5 errata-xmlrpc 2024-01-10 11:29:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0114 https://access.redhat.com/errata/RHSA-2024:0114
Comment 6 errata-xmlrpc 2024-01-24 16:49:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0430 https://access.redhat.com/errata/RHSA-2024:0430
Comment 7 errata-xmlrpc 2024-01-30 13:25:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0586 https://access.redhat.com/errata/RHSA-2024:0586