PyPI: cryptography
CVE-2024-0727
Safety vulnerability ID: SFTY-20240126-91831
Safety legacy ID: pyup.io-71680
The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(), are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0.
Overview
Null pointer dereference in PKCS12 parsing
Advisory
The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(), are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0.
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20240126-91831/CVE-2024-0727
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727
- https://github.com/advisories/GHSA-9v9h-cgj8-h64p
- https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d
- https://nvd.nist.gov/vuln/detail/CVE-2024-0727
- https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
- https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a
- https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c
- https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8
- https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
- https://www.openssl.org/news/secadv/20240125.txt
- https://github.com/github/advisory-database/pull/3472
- https://github.com/openssl/openssl/pull/23362
- https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2
- https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d
- https://security.netapp.com/advisory/ntap-20240208-0006
- http://www.openwall.com/lists/oss-security/2024/03/11/1
- https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html
- https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html
- https://github.com/advisories/GHSA-9v9h-cgj8-h64p
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
Learn more