Bug 2235789 (CVE-2023-40217) - CVE-2023-40217 python: TLS handshake bypass
Summary: CVE-2023-40217 python: TLS handshake bypass
Keywords:
Status: NEW
Alias: CVE-2023-40217
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2235792 2235793 2235794 2235851 2236275 2236276 2236277 2236278 2236279 2236281 2236282 2236291 2236293 2236294 2236295 2236296
Blocks: 2235780
Reported: 2023-08-29 18:17 UTC by Chess Hazlett
Modified: 2024-05-29 18:35 UTC (History)
CC: 14 users

Fixed In Version: Python 3.11.5, Python 3.10.13, Python 3.9.18, Python 3.8.18
Doc Type: If docs needed, set a value
Doc Text:
Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity, as it is possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:5508 0 None None None 2023-10-09 01:20:19 UTC
Red Hat Product Errata RHBA-2023:5510 0 None None None 2023-10-09 01:21:50 UTC
Red Hat Product Errata RHBA-2023:5511 0 None None None 2023-10-09 01:22:31 UTC
Red Hat Product Errata RHBA-2023:5520 0 None None None 2023-10-09 09:38:24 UTC
Red Hat Product Errata RHBA-2023:5524 0 None None None 2023-10-09 09:53:31 UTC
Red Hat Product Errata RHBA-2023:5525 0 None None None 2023-10-09 09:53:28 UTC
Red Hat Product Errata RHBA-2023:5545 0 None None None 2023-10-09 16:23:55 UTC
Red Hat Product Errata RHBA-2023:5549 0 None None None 2023-10-10 09:40:10 UTC
Red Hat Product Errata RHBA-2023:5562 0 None None None 2023-10-10 10:15:56 UTC
Red Hat Product Errata RHBA-2023:5563 0 None None None 2023-10-10 10:06:48 UTC
Red Hat Product Errata RHBA-2023:5564 0 None None None 2023-10-10 10:07:44 UTC
Red Hat Product Errata RHBA-2023:5565 0 None None None 2023-10-10 10:07:57 UTC
Red Hat Product Errata RHBA-2023:5570 0 None None None 2023-10-10 10:10:55 UTC
Red Hat Product Errata RHBA-2023:5583 0 None None None 2023-10-10 13:42:27 UTC
Red Hat Product Errata RHBA-2023:6035 0 None None None 2023-10-23 15:49:01 UTC
Red Hat Product Errata RHBA-2023:6046 0 None None None 2023-10-23 20:23:52 UTC
Red Hat Product Errata RHBA-2023:6047 0 None None None 2023-10-23 20:24:34 UTC
Red Hat Product Errata RHBA-2023:6049 0 None None None 2023-10-23 20:38:00 UTC
Red Hat Product Errata RHBA-2023:6050 0 None None None 2023-10-23 20:31:46 UTC
Red Hat Product Errata RHBA-2023:6051 0 None None None 2023-10-23 20:44:55 UTC
Red Hat Product Errata RHBA-2023:6052 0 None None None 2023-10-23 20:32:45 UTC
Red Hat Product Errata RHBA-2023:6053 0 None None None 2023-10-23 20:50:53 UTC
Red Hat Product Errata RHBA-2023:6056 0 None None None 2023-10-23 21:10:36 UTC
Red Hat Product Errata RHBA-2023:6070 0 None None None 2023-10-24 08:55:03 UTC
Red Hat Product Errata RHBA-2023:6075 0 None None None 2023-10-24 11:01:20 UTC
Red Hat Product Errata RHBA-2023:6086 0 None None None 2023-10-24 15:37:14 UTC
Red Hat Product Errata RHBA-2023:6087 0 None None None 2023-10-24 15:37:39 UTC
Red Hat Product Errata RHBA-2023:6088 0 None None None 2023-10-24 15:37:50 UTC
Red Hat Product Errata RHBA-2023:6089 0 None None None 2023-10-24 15:38:04 UTC
Red Hat Product Errata RHBA-2023:6090 0 None None None 2023-10-24 15:36:50 UTC
Red Hat Product Errata RHBA-2023:6091 0 None None None 2023-10-24 15:38:23 UTC
Red Hat Product Errata RHBA-2023:6092 0 None None None 2023-10-24 15:38:18 UTC
Red Hat Product Errata RHBA-2023:6100 0 None None None 2023-10-25 08:00:39 UTC
Red Hat Product Errata RHBA-2023:6101 0 None None None 2023-10-25 08:46:59 UTC
Red Hat Product Errata RHBA-2023:6102 0 None None None 2023-10-25 09:00:35 UTC
Red Hat Product Errata RHBA-2023:6103 0 None None None 2023-10-25 09:09:23 UTC
Red Hat Product Errata RHBA-2023:6110 0 None None None 2023-10-25 12:34:40 UTC
Red Hat Product Errata RHBA-2023:6135 0 None None None 2023-10-26 06:19:35 UTC
Red Hat Product Errata RHBA-2023:6136 0 None None None 2023-10-26 08:32:57 UTC
Red Hat Product Errata RHBA-2023:6157 0 None None None 2023-10-30 01:06:38 UTC
Red Hat Product Errata RHBA-2023:6166 0 None None None 2023-10-30 08:29:54 UTC
Red Hat Product Errata RHBA-2023:6173 0 None None None 2023-10-30 12:39:30 UTC
Red Hat Product Errata RHBA-2023:6213 0 None None None 2023-10-31 11:28:56 UTC
Red Hat Product Errata RHBA-2023:6253 0 None None None 2023-11-01 23:03:37 UTC
Red Hat Product Errata RHBA-2023:6270 0 None None None 2023-11-02 09:58:44 UTC
Red Hat Product Errata RHBA-2023:6794 0 None None None 2023-11-08 08:11:41 UTC
Red Hat Product Errata RHBA-2023:6800 0 None None None 2023-11-08 09:36:14 UTC
Red Hat Product Errata RHBA-2023:6826 0 None None None 2023-11-08 16:55:42 UTC
Red Hat Product Errata RHBA-2023:6851 0 None None None 2023-11-09 13:25:17 UTC
Red Hat Product Errata RHBA-2023:6857 0 None None None 2023-11-09 15:55:07 UTC
Red Hat Product Errata RHBA-2023:6881 0 None None None 2023-11-13 01:10:26 UTC
Red Hat Product Errata RHBA-2023:6890 0 None None None 2023-11-13 12:10:37 UTC
Red Hat Product Errata RHBA-2023:7221 0 None None None 2023-11-15 01:27:03 UTC
Red Hat Product Errata RHBA-2023:7281 0 None None None 2023-11-15 19:13:16 UTC
Red Hat Product Errata RHBA-2023:7291 0 None None None 2023-11-15 19:27:11 UTC
Red Hat Product Errata RHBA-2023:7292 0 None None None 2023-11-15 19:27:33 UTC
Red Hat Product Errata RHBA-2023:7293 0 None None None 2023-11-15 19:29:44 UTC
Red Hat Product Errata RHBA-2023:7329 0 None None None 2023-11-16 11:31:23 UTC
Red Hat Product Errata RHBA-2023:7339 0 None None None 2023-11-16 18:01:25 UTC
Red Hat Product Errata RHBA-2023:7498 0 None None None 2023-11-27 15:03:58 UTC
Red Hat Product Errata RHBA-2023:7652 0 None None None 2023-12-05 14:29:06 UTC
Red Hat Product Errata RHBA-2023:7654 0 None None None 2023-12-05 15:26:05 UTC
Red Hat Product Errata RHBA-2023:7659 0 None None None 2023-12-05 18:51:20 UTC
Red Hat Product Errata RHBA-2023:7701 0 None None None 2023-12-07 14:29:03 UTC
Red Hat Product Errata RHBA-2023:7722 0 None None None 2023-12-11 14:12:01 UTC
Red Hat Product Errata RHBA-2023:7723 0 None None None 2023-12-11 14:12:06 UTC
Red Hat Product Errata RHBA-2023:7862 0 None None None 2023-12-14 21:00:12 UTC
Red Hat Product Errata RHSA-2023:5456 0 None None None 2023-10-05 13:31:53 UTC
Red Hat Product Errata RHSA-2023:5462 0 None None None 2023-10-05 13:33:27 UTC
Red Hat Product Errata RHSA-2023:5463 0 None None None 2023-10-05 13:59:19 UTC
Red Hat Product Errata RHSA-2023:5472 0 None None None 2023-10-05 14:23:57 UTC
Red Hat Product Errata RHSA-2023:5528 0 None None None 2023-10-09 09:55:16 UTC
Red Hat Product Errata RHSA-2023:5531 0 None None None 2023-10-09 10:15:11 UTC
Red Hat Product Errata RHSA-2023:5990 0 None None None 2023-10-23 09:12:02 UTC
Red Hat Product Errata RHSA-2023:5991 0 None None None 2023-10-23 09:12:16 UTC
Red Hat Product Errata RHSA-2023:5992 0 None None None 2023-10-23 09:15:35 UTC
Red Hat Product Errata RHSA-2023:5993 0 None None None 2023-10-23 09:18:38 UTC
Red Hat Product Errata RHSA-2023:5994 0 None None None 2023-10-23 09:39:04 UTC
Red Hat Product Errata RHSA-2023:5995 0 None None None 2023-10-23 09:25:59 UTC
Red Hat Product Errata RHSA-2023:5996 0 None None None 2023-10-23 09:26:16 UTC
Red Hat Product Errata RHSA-2023:5997 0 None None None 2023-10-23 09:40:01 UTC
Red Hat Product Errata RHSA-2023:5998 0 None None None 2023-10-23 09:39:42 UTC
Red Hat Product Errata RHSA-2023:6068 0 None None None 2023-10-24 07:11:08 UTC
Red Hat Product Errata RHSA-2023:6069 0 None None None 2023-10-24 07:08:18 UTC
Red Hat Product Errata RHSA-2023:6290 0 None None None 2023-11-02 15:49:58 UTC
Red Hat Product Errata RHSA-2023:6793 0 None None None 2023-11-08 08:17:18 UTC
Red Hat Product Errata RHSA-2023:6823 0 None None None 2023-11-08 15:39:10 UTC
Red Hat Product Errata RHSA-2023:6885 0 None None None 2023-11-13 09:01:54 UTC

Description Chess Hazlett 2023-08-29 18:17:51 UTC
NOTE: Initial impact from community is High, reads more like a Mod to me. No NVD score yet. Please assess.
----------
Collected: Fri 25 Aug 2023 01:51:30 -0400 #151953
URL: https://nvd.nist.gov/vuln/detail/CVE-2023-40217
Severity: High
CVE(s): CVE-2023-40217
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
https://www.python.org/dev/security/
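The description above turns on one observable fact: in the affected state the server-side SSLSocket never builds an SSL object, so a read falls through to the plain socket and returns whatever plaintext the kernel buffered. The following Python is an added example, not code from this bug report or from CPython, showing the check an operator can place between wrap_socket() and the first read. It relies only on documented behaviour of ssl.SSLSocket (version() returns None while no TLS session is negotiated; getpeercert() is empty when the peer sent no certificate). The helper names, the HandshakeNotCompleted exception, and the two constructed sockets used to reproduce a no-session state offline (a never-connected TCP socket, and a socketpair wrapped with do_handshake_on_connect=False) are assumptions made here; neither reproduces the timing race itself, but both leave a wrapped socket with no negotiated TLS session, which is the condition the guard must catch.

```python
"""Guard against reading from a server-side SSLSocket that has no TLS session.

Added example for CVE-2023-40217; not code from the bug report or CPython.
"""
import socket
import ssl


class HandshakeNotCompleted(Exception):
    """Raised when a wrapped socket would be read without a TLS session (hypothetical name)."""


def handshake_completed(ssock: ssl.SSLSocket) -> bool:
    # SSLSocket.version() is documented to return None when no secure
    # connection is established.  In the CVE-2023-40217 state the SSL object
    # was never created, so this is None even though recv() would still
    # hand back whatever plaintext sits in the kernel receive buffer.
    return ssock.version() is not None


def client_authenticated(ssock: ssl.SSLSocket) -> bool:
    # Only meaningful after the handshake: getpeercert() raises before that,
    # hence the short-circuit.  An empty result means no client certificate
    # was presented, which is the mTLS case the advisory is about.
    if not handshake_completed(ssock):
        return False
    return bool(ssock.getpeercert())


def guarded_recv(ssock: ssl.SSLSocket, bufsize: int = 4096) -> bytes:
    """Read from a server-side SSLSocket only if a TLS session exists.

    On an affected interpreter SSLSocket.recv() silently falls back to the
    plain socket when no SSL object exists, so this guard is what keeps
    unauthenticated bytes away from application code.
    """
    if not handshake_completed(ssock):
        ssock.close()
        raise HandshakeNotCompleted("refusing to read: no TLS handshake on this socket")
    return ssock.recv(bufsize)


def wrap_unconnected_server_socket() -> ssl.SSLSocket:
    """Constructed stand-in for the no-handshake state, usable offline.

    Wrapping a never-connected TCP socket takes the same 'not connected'
    branch of SSLSocket creation as a socket whose peer closed before
    wrap_socket() ran: no SSL object is created and no handshake occurs.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    return ctx.wrap_socket(socket.socket(), server_side=True)


def wrap_without_handshake():
    """Constructed stand-in: connected, but the handshake was deferred.

    Models a server that accepted, wrapped with do_handshake_on_connect=False
    and read before calling do_handshake().  Returns (ssl_socket, peer) so the
    caller can close both ends.
    """
    server_end, peer = socket.socketpair()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ssock = ctx.wrap_socket(server_end, server_side=True,
                            do_handshake_on_connect=False)
    return ssock, peer


if __name__ == "__main__":
    for label, ssock, peer in (
        ("never connected", wrap_unconnected_server_socket(), None),
        ("handshake deferred", *wrap_without_handshake()),
    ):
        print(f"{label}: handshake_completed={handshake_completed(ssock)} "
              f"client_authenticated={client_authenticated(ssock)}")
        try:
            guarded_recv(ssock)
        except HandshakeNotCompleted as exc:
            print(f"{label}: guarded_recv refused -> {exc}")
        if peer is not None:
            peer.close()
```

The guard belongs in the accept path of any server that relies on client certificates: after wrap_socket() returns, call guarded_recv (or at least handshake_completed and client_authenticated) before treating any bytes as an authenticated request. On the fixed interpreter versions listed in this bug, wrap_socket() itself raises when it finds buffered data on a closed socket, so the guard is then a belt-and-braces check rather than the only line of defence.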

Comment 14 errata-xmlrpc 2023-10-05 13:31:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5456 https://access.redhat.com/errata/RHSA-2023:5456

Comment 15 errata-xmlrpc 2023-10-05 13:33:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5462 https://access.redhat.com/errata/RHSA-2023:5462

Comment 16 errata-xmlrpc 2023-10-05 13:59:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5463 https://access.redhat.com/errata/RHSA-2023:5463

Comment 17 errata-xmlrpc 2023-10-05 14:23:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5472 https://access.redhat.com/errata/RHSA-2023:5472

Comment 18 errata-xmlrpc 2023-10-09 09:55:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5528 https://access.redhat.com/errata/RHSA-2023:5528

Comment 19 errata-xmlrpc 2023-10-09 10:15:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5531 https://access.redhat.com/errata/RHSA-2023:5531

Comment 21 errata-xmlrpc 2023-10-23 09:11:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5990 https://access.redhat.com/errata/RHSA-2023:5990

Comment 22 errata-xmlrpc 2023-10-23 09:12:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5991 https://access.redhat.com/errata/RHSA-2023:5991

Comment 23 errata-xmlrpc 2023-10-23 09:15:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5992 https://access.redhat.com/errata/RHSA-2023:5992

Comment 24 errata-xmlrpc 2023-10-23 09:18:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5993 https://access.redhat.com/errata/RHSA-2023:5993

Comment 25 errata-xmlrpc 2023-10-23 09:25:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5995 https://access.redhat.com/errata/RHSA-2023:5995

Comment 26 errata-xmlrpc 2023-10-23 09:26:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5996 https://access.redhat.com/errata/RHSA-2023:5996

Comment 27 errata-xmlrpc 2023-10-23 09:39:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5994 https://access.redhat.com/errata/RHSA-2023:5994

Comment 28 errata-xmlrpc 2023-10-23 09:39:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5998 https://access.redhat.com/errata/RHSA-2023:5998

Comment 29 errata-xmlrpc 2023-10-23 09:39:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5997 https://access.redhat.com/errata/RHSA-2023:5997

Comment 30 errata-xmlrpc 2023-10-24 07:08:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:6069 https://access.redhat.com/errata/RHSA-2023:6069

Comment 31 errata-xmlrpc 2023-10-24 07:11:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:6068 https://access.redhat.com/errata/RHSA-2023:6068

Comment 33 YunmingYang 2023-10-25 07:56:24 UTC
According to the results of https://issues.redhat.com/browse/CONTOOLSQE-2898, change the status to VERIFIED

Comment 34 errata-xmlrpc 2023-11-02 15:49:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2023:6290 https://access.redhat.com/errata/RHSA-2023:6290

Comment 35 errata-xmlrpc 2023-11-08 08:17:15 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:6793 https://access.redhat.com/errata/RHSA-2023:6793

Comment 36 errata-xmlrpc 2023-11-08 15:39:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:6823 https://access.redhat.com/errata/RHSA-2023:6823

Comment 37 errata-xmlrpc 2023-11-13 09:01:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:6885 https://access.redhat.com/errata/RHSA-2023:6885
