Description
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.
Statement
This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.
Mitigation
To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.
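The following is an added example, not code from Red Hat or from the pyOpenSSL project, showing one way to apply that mitigation: the cookie-generating callback produces a fixed 32-byte HMAC over an opaque peer identity, and a wrapper normalises and length-checks whatever the inner callback returns before it reaches the fixed-size OpenSSL buffer, failing closed instead of passing an over-long value through. The 255-byte limit is a conservative reading of "under 256 bytes". The `peer_id_for` helper and the sample peer identity are assumptions for illustration; `set_cookie_generate_callback` comes from the advisory and `set_cookie_verify_callback` is its pyOpenSSL counterpart for the verification side.

```python
"""Bounded DTLS cookie callbacks for pyOpenSSL (added example, not project code)."""
import hashlib
import hmac
import secrets

# Keep every returned cookie under the 256-byte OpenSSL buffer named in the advisory.
MAX_COOKIE_LEN = 255


class CookieTooLong(ValueError):
    """Raised instead of handing an over-long cookie to OpenSSL."""


def make_cookie(secret: bytes, peer_id: bytes) -> bytes:
    """Stateless HMAC-SHA256 cookie over an opaque peer identity (for example the
    client's address:port encoded as bytes). Always 32 bytes, far below MAX_COOKIE_LEN."""
    return hmac.new(secret, peer_id, hashlib.sha256).digest()


def verify_cookie(secret: bytes, peer_id: bytes, cookie: bytes) -> bool:
    """Constant-time check suitable for use from set_cookie_verify_callback."""
    return hmac.compare_digest(make_cookie(secret, peer_id), cookie)


def bounded(callback, max_len: int = MAX_COOKIE_LEN):
    """Wrap any cookie-generate callback so that its result is normalised to bytes
    and length-checked before pyOpenSSL copies it into the OpenSSL-provided buffer."""
    def wrapper(conn):
        cookie = callback(conn)
        if isinstance(cookie, str):
            cookie = cookie.encode("utf-8")
        if not isinstance(cookie, (bytes, bytearray)):
            raise TypeError("cookie callback must return str or bytes")
        cookie = bytes(cookie)
        if len(cookie) > max_len:
            # Fail closed: abort this handshake rather than overflow the buffer.
            raise CookieTooLong(f"cookie is {len(cookie)} bytes, limit is {max_len}")
        return cookie
    return wrapper


def build_callbacks(secret: bytes, peer_id_for):
    """Return (generate, verify) callbacks. peer_id_for is an assumed, application-supplied
    function mapping a pyOpenSSL Connection to the peer identity bytes; the example does
    not rely on pyOpenSSL passing the peer address to the callback."""
    def generate(conn):
        return make_cookie(secret, peer_id_for(conn))

    def verify(conn, cookie):
        return verify_cookie(secret, peer_id_for(conn), cookie)

    return bounded(generate), verify


if __name__ == "__main__":
    try:
        from OpenSSL import SSL  # pyOpenSSL 22.0.0 and later expose the DTLS cookie API
    except ImportError:
        SSL = None
    secret = secrets.token_bytes(32)
    # Constructed peer identity for the demonstration.
    gen, ver = build_callbacks(secret, lambda conn: b"203.0.113.7:4433")
    if SSL is not None:
        ctx = SSL.Context(SSL.DTLS_METHOD)
        ctx.set_cookie_generate_callback(gen)
        ctx.set_cookie_verify_callback(ver)
        print("cookie callbacks registered")
    else:
        print("pyOpenSSL not installed; generated cookie is", len(gen(None)), "bytes")
```

The wrapper raises rather than truncating: a silently truncated cookie would still verify only if the verify side truncates identically, and the point of the mitigation is that an over-long value never reaches the copy at all. The same `bounded` wrapper can be placed around an existing application callback without changing how that callback computes its cookie.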
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/lightspeed-rhel8 | Will not fix | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/ee-supported-rhel8 | Affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/lightspeed-rhel8 | Affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/ansible-dev-tools-rhel9 | Affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/controller-rhel9 | Affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/eda-controller-rhel9 | Affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/ee-minimal-rhel9 | Affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/ee-supported-rhel9 | Affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/hub-rhel9 | Affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-26/lightspeed-rhel9 | Affected | | |
References
Additional information
Status:
EPSS
CVSS3: 8.1 High
Related vulnerabilities
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.