Bug 2255331 (CVE-2023-49083)
| Summary: | CVE-2023-49083 python-cryptography: NULL-dereference when loading PKCS7 certificates | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adudiak, amctagga, aoconnor, bdettelb, bniver, caswilli, crizzo, dfreiber, dnakabaa, doconnor, dranck, drow, epacific, flucifre, gmeno, gtanzill, haoli, hhorak, hkataria, jajackso, jason.frey, jburrell, jcammara, jdobes, jhardy, jmitchel, jneedle, jobarker, jorton, jsamir, jsherril, jtanner, jvasik, jwong, kaycoth, kegrant, kholdawa, koliveir, kshier, lbrazdil, lcouzens, mabashia, mbenjamin, mhackett, mminar, mskarbek, omaciel, orabin, pbraun, python-maint, rbiba, rblanco, rbobbitt, shvarugh, simaishi, smcdonal, sostapov, sskracic, stcannon, sthirugn, teagle, tfister, thavo, tpfromme, tsasak, vereddy, vkrizan, vkumar, vmugicag, yguenane, zsadeh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | python-cryptography 41.0.6 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking "load_pem_pkcs7_certificates" or "load_der_pkcs7_certificates" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service (DoS) for any application aiming to deserialize a PKCS7 blob or certificate. The potential impact includes disruptions in system availability and stability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2255353, 2255351, 2255352, 2255354, 2255356, 2255358 | ||
| Bug Blocks: | 2255359 | ||
|
Description
TEJ RATHI
2023-12-20 07:26:15 UTC
Created python-cryptography tracking bugs for this issue: Affects: fedora-all [bug 2255351] Affects: openstack-rdo [bug 2255352] Created python3-cryptography tracking bugs for this issue: Affects: epel-all [bug 2255353] FEDORA-2024-91f5df4002 (python-cryptography-41.0.7-1.fc39) has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.4 for RHEL 9 Red Hat Ansible Automation Platform 2.4 for RHEL 8 Via RHSA-2024:1640 https://access.redhat.com/errata/RHSA-2024:1640 This issue has been addressed in the following products: RHUI 4 for RHEL 8 Via RHSA-2024:1878 https://access.redhat.com/errata/RHSA-2024:1878 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2337 https://access.redhat.com/errata/RHSA-2024:2337 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3105 https://access.redhat.com/errata/RHSA-2024:3105 This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.4 for RHEL 9 Red Hat Ansible Automation Platform 2.4 for RHEL 8 Via RHSA-2024:3781 https://access.redhat.com/errata/RHSA-2024:3781 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:10965 https://access.redhat.com/errata/RHSA-2024:10965 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2025:13098 https://access.redhat.com/errata/RHSA-2025:13098 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:13102 https://access.redhat.com/errata/RHSA-2025:13102 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:13101 https://access.redhat.com/errata/RHSA-2025:13101 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:13100 https://access.redhat.com/errata/RHSA-2025:13100 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:13103 https://access.redhat.com/errata/RHSA-2025:13103 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:13104 https://access.redhat.com/errata/RHSA-2025:13104 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:14553 https://access.redhat.com/errata/RHSA-2025:14553 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:15874 https://access.redhat.com/errata/RHSA-2025:15874 |