Bug 2255331 (CVE-2023-49083)

Summary: CVE-2023-49083 python-cryptography: NULL-dereference when loading PKCS7 certificates
Product: [Other] Security Response Reporter: TEJ RATHI <trathi>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: adudiak, amctagga, aoconnor, bdettelb, bniver, caswilli, davidn, dfreiber, dhalasz, drow, epacific, flucifre, gmeno, gtanzill, hhorak, hkataria, jburrell, jcammara, jhardy, jmitchel, jneedle, jobarker, jorton, jsamir, jsherril, jtanner, kaycoth, kshier, mabashia, mbenjamin, mhackett, mminar, orabin, osapryki, psegedy, python-maint, rbiba, rbobbitt, simaishi, smcdonal, sostapov, sskracic, stcannon, sthirugn, teagle, tfister, tsasak, vereddy, vkrizan, vkumar, vmugicag, yguenane, zsadeh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: python-cryptography 41.0.6 Doc Type: If docs needed, set a value
Doc Text:
A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking "load_pem_pkcs7_certificates" or "load_der_pkcs7_certificates" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service (DoS) for any application aiming to deserialize a PKCS7 blob or certificate. The potential impact includes disruptions in system availability and stability.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2255353, 2255358, 2255351, 2255352, 2255354, 2255356    
Bug Blocks: 2255359    

Description TEJ RATHI 2023-12-20 07:26:15 UTC 
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a
https://github.com/pyca/cryptography/pull/9926
https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
Comment 1 TEJ RATHI 2023-12-20 10:46:13 UTC 
Created python-cryptography tracking bugs for this issue:

Affects: fedora-all [bug 2255351]
Affects: openstack-rdo [bug 2255352]


Created python3-cryptography tracking bugs for this issue:

Affects: epel-all [bug 2255353]
Comment 8 Fedora Update System 2024-02-17 00:56:21 UTC 
FEDORA-2024-91f5df4002 (python-cryptography-41.0.7-1.fc39) has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 10 errata-xmlrpc 2024-04-02 19:30:14 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 9
  Red Hat Ansible Automation Platform 2.4 for RHEL 8

Via RHSA-2024:1640 https://access.redhat.com/errata/RHSA-2024:1640
Comment 11 errata-xmlrpc 2024-04-18 01:52:01 UTC 
This issue has been addressed in the following products:

  RHUI 4 for RHEL 8

Via RHSA-2024:1878 https://access.redhat.com/errata/RHSA-2024:1878
Comment 12 errata-xmlrpc 2024-04-30 10:04:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2337 https://access.redhat.com/errata/RHSA-2024:2337
Comment 13 errata-xmlrpc 2024-05-22 09:45:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3105 https://access.redhat.com/errata/RHSA-2024:3105