{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49083", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-21T18:57:30.428Z", "datePublished": "2023-11-29T18:50:24.263Z", "dateUpdated": "2024-08-02T21:46:29.207Z"}, "containers": {"cna": {"title": "cryptography vulnerable to NULL-dereference when loading PKCS7 certificates", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97"}, {"name": "https://github.com/pyca/cryptography/pull/9926", "tags": ["x_refsource_MISC"], "url": "https://github.com/pyca/cryptography/pull/9926"}, {"name": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a", "tags": ["x_refsource_MISC"], "url": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/"}], "affected": [{"vendor": "pyca", "product": "cryptography", "versions": [{"version": ">= 3.1, < 41.0.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-05T01:28:16.238Z"}, "descriptions": [{"lang": "en", "value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6."}], "source": {"advisory": "GHSA-jfhm-5ghh-2f97", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:29.207Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97"}, {"name": "https://github.com/pyca/cryptography/pull/9926", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pyca/cryptography/pull/9926"}, {"name": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*", "matchCriteriaId": "EB8793E0-61EC-45EC-8818-44A40DB08658", "versionEndExcluding": "41.0.6", "versionStartIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6."}, {"lang": "es", "value": "cryptography es un paquete dise\u00f1ado para exponer recetas y primitivas criptogr\u00e1ficas a los desarrolladores de Python. Llamar a `load_pem_pkcs7_certificates` o `load_der_pkcs7_certificates` podr\u00eda provocar una desreferencia de puntero NULL y un error de segmentaci\u00f3n. La explotaci\u00f3n de esta vulnerabilidad plantea un grave riesgo de Denegaci\u00f3n de Servicio (DoS) para cualquier aplicaci\u00f3n que intente deserializar un blob/certificado PKCS7. Las consecuencias se extienden a posibles interrupciones en la disponibilidad y estabilidad del sistema. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 41.0.6."}], "id": "CVE-2023-49083", "lastModified": "2024-11-21T08:32:47.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-29T19:15:07.967", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/pyca/cryptography/pull/9926"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/pyca/cryptography/pull/9926"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:1640", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "automation-controller-0:4.5.5-2.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-04-02T00:00:00Z"}, {"advisory": "RHSA-2024:3781", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "python3x-cryptography-0:42.0.5-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-06-10T00:00:00Z"}, {"advisory": "RHSA-2024:1640", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "automation-controller-0:4.5.5-2.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-04-02T00:00:00Z"}, {"advisory": "RHSA-2024:3781", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "python-cryptography-0:42.0.5-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-06-10T00:00:00Z"}, {"advisory": "RHSA-2024:3105", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3.11-cryptography-0:37.0.2-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:2337", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python3.11-cryptography-0:37.0.2-6.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:1878", "cpe": "cpe:/a:redhat:rhui:4::el8", "package": "python-cryptography-0:41.0.6-1.el8ui", "product_name": "RHUI 4 for RHEL 8", "release_date": "2024-04-18T00:00:00Z"}], "bugzilla": {"description": "python-cryptography: NULL-dereference when loading PKCS7 certificates", "id": "2255331", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255331"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.", "A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking \"load_pem_pkcs7_certificates\" or \"load_der_pkcs7_certificates\" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service (DoS) for any application aiming to deserialize a PKCS7 blob or certificate. The potential impact includes disruptions in system availability and stability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-49083", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "python3x-ansible-compat", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "python-ansible-compat", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Affected", "package_name": "ansible-runner-service", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/a:redhat:certifications:1::el8", "fix_state": "Affected", "package_name": "redhat-certification-baremetal-container", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:discovery:1.0::el8", "fix_state": "Will not fix", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python-cryptography", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python39:3.9/python-cryptography", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python-cryptography", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "python-cryptography", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python38-python-cryptography", "product_name": "Red Hat Software Collections"}], "public_date": "2023-11-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-49083\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49083\nhttps://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a\nhttps://github.com/pyca/cryptography/pull/9926\nhttps://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97"], "statement": "This vulnerability arises when functions like \"load_pem_pkcs7_certificates\" or \"load_der_pkcs7_certificates\" are invoked, triggering the issue during the deserialization of PKCS7 blobs or certificates. The moderate rating is based on the fact that the vulnerability can lead to a segmentation fault, posing a risk of disrupting the normal functioning of any application attempting to deserialize the mentioned certificates. While the impact is significant in terms of service denial and potential system instability, the severity is deemed moderate as it does not directly expose sensitive data or allow for remote code execution, focusing primarily on the localized consequences of a DoS scenario.", "threat_severity": "Moderate", "upstream_fix": "python-cryptography 41.0.6"}