Bug#1065688: python-jwcrypto: CVE-2024-28102

Tue, 30 Apr 2024 09:24:18 -0700 

Hi!

On Fri, Mar 08, 2024 at 10:42:40PM +0100, Salvatore Bonaccorso wrote:
>Source: python-jwcrypto
>Version: 1.5.4-1
>Severity: important
>Tags: security upstream
>X-Debbugs-Cc: car...@debian.org, Debian Security Team 
><t...@security.debian.org>
>
>Hi,
>
>The following vulnerability was published for python-jwcrypto.
>
>CVE-2024-28102[0]:
>| JWCrypto implements JWK, JWS, and JWE specifications using python-
>| cryptography. Prior to version 1.5.6, an attacker can cause a denial
>| of service attack by passing in a malicious JWE Token with a high
>| compression ratio. When the server processes this token, it will
>| consume a lot of memory and processing time. Version 1.5.6 fixes
>| this vulnerability by limiting the maximum token length.

We wanted this fixed in Pexip, so I've taken a look at this bug.

The upstream bugfix just needs a small rework so it applies cleanly to
the version in bookworm. Here's a debdiff for that that in case it's
useful.

-- 
Steve McIntyre, Cambridge, UK.                                st...@einval.com
Can't keep my eyes from the circling sky,
Tongue-tied & twisted, Just an earth-bound misfit, I...

diff -Nru python-jwcrypto-1.1.0/debian/changelog 
python-jwcrypto-1.1.0/debian/changelog
--- python-jwcrypto-1.1.0/debian/changelog      2022-03-29 08:33:50.000000000 
+0100
+++ python-jwcrypto-1.1.0/debian/changelog      2024-04-26 17:18:31.000000000 
+0100
@@ -1,3 +1,10 @@
+python-jwcrypto (1.1.0-1+deb12u1) unstable; urgency=medium
+
+  * Apply and tweak upstream security fix for CVE-2024-28102
+    Address potential DoS with high compression ratio
+
+ -- Steve McIntyre <steve.mcint...@pexip.com>  Fri, 26 Apr 2024 17:18:31 +0100
+
 python-jwcrypto (1.1.0-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch 
python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch
--- python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch   1970-01-01 
01:00:00.000000000 +0100
+++ python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch   2024-04-26 
17:18:31.000000000 +0100
@@ -0,0 +1,72 @@
+commit 90477a3b6e73da69740e00b8161f53fea19b831f
+Author: Simo Sorce <s...@redhat.com>
+Date:   Tue Mar 5 16:57:17 2024 -0500
+
+    Address potential DoS with high compression ratio
+    
+    Fixes CVE-2024-28102
+    
+    Signed-off-by: Simo Sorce <s...@redhat.com>
+
+Index: os-python-jwcrypto/jwcrypto/jwe.py
+===================================================================
+--- os-python-jwcrypto.orig/jwcrypto/jwe.py
++++ os-python-jwcrypto/jwcrypto/jwe.py
+@@ -9,6 +9,9 @@ from jwcrypto.common import base64url_de
+ from jwcrypto.common import json_decode, json_encode
+ from jwcrypto.jwa import JWA
+ 
++# Limit the amount of data we are willing to decompress by default.
++default_max_compressed_size = 256 * 1024
++
+ 
+ # RFC 7516 - 4.1
+ # name: (description, supported?)
+@@ -387,6 +390,10 @@ class JWE:
+ 
+         compress = jh.get('zip', None)
+         if compress == 'DEF':
++            if len(data) > default_max_compressed_size:
++                raise InvalidJWEData(
++                    'Compressed data exceeds maximum allowed'
++                    'size' + f' ({default_max_compressed_size})')
+             self.plaintext = zlib.decompress(data, -zlib.MAX_WBITS)
+         elif compress is None:
+             self.plaintext = data
+Index: os-python-jwcrypto/jwcrypto/tests.py
+===================================================================
+--- os-python-jwcrypto.orig/jwcrypto/tests.py
++++ os-python-jwcrypto/jwcrypto/tests.py
+@@ -1716,6 +1716,32 @@ class ConformanceTests(unittest.TestCase
+         check.decrypt(key)
+         self.assertEqual(check.payload, b'plain')
+ 
++    def test_jwe_decompression_max(self):
++        key = jwk.JWK(kty='oct', k=base64url_encode(b'A' * (128 // 8)))
++        payload = '{"u": "' + "u" * 400000000 + '", "uu":"' \
++            + "u" * 400000000 + '"}'
++        protected_header = {
++            "alg": "A128KW",
++            "enc": "A128GCM",
++            "typ": "JWE",
++            "zip": "DEF",
++        }
++        enc = jwe.JWE(payload.encode('utf-8'),
++                      recipient=key,
++                      protected=protected_header).serialize(compact=True)
++        with self.assertRaises(jwe.InvalidJWEData):
++            check = jwe.JWE()
++            check.deserialize(enc)
++            check.decrypt(key)
++
++        defmax = jwe.default_max_compressed_size
++        jwe.default_max_compressed_size = 1000000000
++        # ensure we can eraise the limit and decrypt
++        check = jwe.JWE()
++        check.deserialize(enc)
++        check.decrypt(key)
++        jwe.default_max_compressed_size = defmax
++
+ 
+ class JWATests(unittest.TestCase):
+     def test_jwa_create(self):
diff -Nru python-jwcrypto-1.1.0/debian/patches/series 
python-jwcrypto-1.1.0/debian/patches/series
--- python-jwcrypto-1.1.0/debian/patches/series 1970-01-01 01:00:00.000000000 
+0100
+++ python-jwcrypto-1.1.0/debian/patches/series 2024-04-26 17:18:31.000000000 
+0100
@@ -0,0 +1 @@
+CVE-2024-28102.patch

Reply via email to