Описание
A flaw was found in pyOpenSSL. The set_tlsext_servername_callback callback function can be used to implement Server Name Indication (SNI) during the TLS handshake. When the callback raises an unhandled exception, the handshake incorrectly proceeds instead of terminating. This fail-open behavior can allow an attacker to bypass SNI-based security controls and access restricted endpoints.
Отчет
This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_tlsext_servername_callback function. For the handshake to proceed incorrectly, the callback must raise an unhandled exception, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.
Меры по смягчению последствий
To mitigate this flaw, ensure the callback provided to the set_tlsext_servername_callback function is wrapped in a try/except block. This block should explicitly return a failure code instead of allowing the exception to propagate.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/lightspeed-rhel8 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/ee-supported-rhel8 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/lightspeed-rhel8 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/ansible-dev-tools-rhel9 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/controller-rhel9 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/eda-controller-rhel9 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/ee-minimal-rhel9 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/ee-supported-rhel9 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/hub-rhel9 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/lightspeed-rhel9 | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.4 Medium
CVSS3
Связанные уязвимости
(pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in ...)
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.
pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in ...
pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
EPSS
5.4 Medium
CVSS3