Hi! On Fri, Mar 08, 2024 at 10:42:40PM +0100, Salvatore Bonaccorso wrote: >Source: python-jwcrypto >Version: 1.5.4-1 >Severity: important >Tags: security upstream >X-Debbugs-Cc: car...@debian.org, Debian Security Team ><t...@security.debian.org> > >Hi, > >The following vulnerability was published for python-jwcrypto. > >CVE-2024-28102[0]: >| JWCrypto implements JWK, JWS, and JWE specifications using python- >| cryptography. Prior to version 1.5.6, an attacker can cause a denial >| of service attack by passing in a malicious JWE Token with a high >| compression ratio. When the server processes this token, it will >| consume a lot of memory and processing time. Version 1.5.6 fixes >| this vulnerability by limiting the maximum token length.
We wanted this fixed in Pexip, so I've taken a look at this bug. The upstream bugfix just needs a small rework so it applies cleanly to the version in bookworm. Here's a debdiff for that that in case it's useful. -- Steve McIntyre, Cambridge, UK. st...@einval.com Can't keep my eyes from the circling sky, Tongue-tied & twisted, Just an earth-bound misfit, I...
diff -Nru python-jwcrypto-1.1.0/debian/changelog python-jwcrypto-1.1.0/debian/changelog --- python-jwcrypto-1.1.0/debian/changelog 2022-03-29 08:33:50.000000000 +0100 +++ python-jwcrypto-1.1.0/debian/changelog 2024-04-26 17:18:31.000000000 +0100 @@ -1,3 +1,10 @@ +python-jwcrypto (1.1.0-1+deb12u1) unstable; urgency=medium + + * Apply and tweak upstream security fix for CVE-2024-28102 + Address potential DoS with high compression ratio + + -- Steve McIntyre <steve.mcint...@pexip.com> Fri, 26 Apr 2024 17:18:31 +0100 + python-jwcrypto (1.1.0-1) unstable; urgency=medium * New upstream release. diff -Nru python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch --- python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch 1970-01-01 01:00:00.000000000 +0100 +++ python-jwcrypto-1.1.0/debian/patches/CVE-2024-28102.patch 2024-04-26 17:18:31.000000000 +0100 @@ -0,0 +1,72 @@ +commit 90477a3b6e73da69740e00b8161f53fea19b831f +Author: Simo Sorce <s...@redhat.com> +Date: Tue Mar 5 16:57:17 2024 -0500 + + Address potential DoS with high compression ratio + + Fixes CVE-2024-28102 + + Signed-off-by: Simo Sorce <s...@redhat.com> + +Index: os-python-jwcrypto/jwcrypto/jwe.py +=================================================================== +--- os-python-jwcrypto.orig/jwcrypto/jwe.py ++++ os-python-jwcrypto/jwcrypto/jwe.py +@@ -9,6 +9,9 @@ from jwcrypto.common import base64url_de + from jwcrypto.common import json_decode, json_encode + from jwcrypto.jwa import JWA + ++# Limit the amount of data we are willing to decompress by default. ++default_max_compressed_size = 256 * 1024 ++ + + # RFC 7516 - 4.1 + # name: (description, supported?) +@@ -387,6 +390,10 @@ class JWE: + + compress = jh.get('zip', None) + if compress == 'DEF': ++ if len(data) > default_max_compressed_size: ++ raise InvalidJWEData( ++ 'Compressed data exceeds maximum allowed' ++ 'size' + f' ({default_max_compressed_size})') + self.plaintext = zlib.decompress(data, -zlib.MAX_WBITS) + elif compress is None: + self.plaintext = data +Index: os-python-jwcrypto/jwcrypto/tests.py +=================================================================== +--- os-python-jwcrypto.orig/jwcrypto/tests.py ++++ os-python-jwcrypto/jwcrypto/tests.py +@@ -1716,6 +1716,32 @@ class ConformanceTests(unittest.TestCase + check.decrypt(key) + self.assertEqual(check.payload, b'plain') + ++ def test_jwe_decompression_max(self): ++ key = jwk.JWK(kty='oct', k=base64url_encode(b'A' * (128 // 8))) ++ payload = '{"u": "' + "u" * 400000000 + '", "uu":"' \ ++ + "u" * 400000000 + '"}' ++ protected_header = { ++ "alg": "A128KW", ++ "enc": "A128GCM", ++ "typ": "JWE", ++ "zip": "DEF", ++ } ++ enc = jwe.JWE(payload.encode('utf-8'), ++ recipient=key, ++ protected=protected_header).serialize(compact=True) ++ with self.assertRaises(jwe.InvalidJWEData): ++ check = jwe.JWE() ++ check.deserialize(enc) ++ check.decrypt(key) ++ ++ defmax = jwe.default_max_compressed_size ++ jwe.default_max_compressed_size = 1000000000 ++ # ensure we can eraise the limit and decrypt ++ check = jwe.JWE() ++ check.deserialize(enc) ++ check.decrypt(key) ++ jwe.default_max_compressed_size = defmax ++ + + class JWATests(unittest.TestCase): + def test_jwa_create(self): diff -Nru python-jwcrypto-1.1.0/debian/patches/series python-jwcrypto-1.1.0/debian/patches/series --- python-jwcrypto-1.1.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ python-jwcrypto-1.1.0/debian/patches/series 2024-04-26 17:18:31.000000000 +0100 @@ -0,0 +1 @@ +CVE-2024-28102.patch