rclement / mailer

Dead-simple mailer micro-service for static websites
https://rclement.github.io/mailer/
GNU Affero General Public License v3.0

Update dependency cryptography to v41.0.6 [SECURITY] #835

Closed renovate[bot] closed 11 months ago

renovate[bot] commented 11 months ago


This PR contains the following updates:

| Package | Change |
|---|---|
| cryptography (changelog) | `==41.0.5` -> `==41.0.6` |

GitHub Vulnerability Alerts

CVE-2023-49083

Summary

Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault.

PoC

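Here is Python code that triggers the issue:

```python
from cryptography.hazmat.primitives.serialization.pkcs7 import load_der_pkcs7_certificates, load_pem_pkcs7_certificates

# PEM form of the malformed PKCS7 blob
pem_p7 = b"""
-----BEGIN PKCS7-----
MAsGCSqGSIb3DQEHAg==
-----END PKCS7-----
"""

# DER form of the same blob (the PEM body above is its base64 encoding)
der_p7 = b"\x30\x0B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02"

# On the vulnerable version (41.0.5) each call segfaults the interpreter
load_pem_pkcs7_certificates(pem_p7)
load_der_pkcs7_certificates(der_p7)
```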

Impact

Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability.


Release Notes

pyca/cryptography (cryptography)

### [`v41.0.6`](https://togithub.com/pyca/cryptography/compare/41.0.5...41.0.6)

[Compare Source](https://togithub.com/pyca/cryptography/compare/41.0.5...41.0.6)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
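
An added example, not part of this PR or of pyca/cryptography: the PoC bytes in the advisory above decode to a PKCS7 ContentInfo that holds only the signedData OID and no content element, and this stdlib-only guard rejects that shape before a blob is handed to `load_der_pkcs7_certificates`. The function names and the `GOOD_SHAPE` sample are assumptions made for illustration; the guard covers only this input shape and is a stopgap for hosts still pinned below 41.0.6.

```python
import base64

# DER encoding of OID 1.2.840.113549.1.7.2 (pkcs7-signedData), as in the PoC.
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")
# PoC input from the advisory: a ContentInfo holding only the OID.
POC_DER = bytes.fromhex("300b06092a864886f70d010702")
# Constructed sample: same OID followed by a [0] element wrapping an empty SEQUENCE.
GOOD_SHAPE = bytes.fromhex("300f06092a864886f70d010702a0023000")

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        # n == 0 is BER indefinite length; fail closed rather than guess.
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length exceeds buffer")
    return tag, pos, pos + length

def pkcs7_has_signed_content(der):
    """True only if the ContentInfo is signedData and has its [0] content."""
    try:
        tag, start, end = _read_tlv(der, 0)
        if tag != 0x30:                      # outer SEQUENCE
            return False
        tag, o_start, o_end = _read_tlv(der[:end], start)
        if tag != 0x06 or der[o_start:o_end] != SIGNED_DATA_OID:
            return False
        if o_end >= end:                     # nothing after the OID (PoC shape)
            return False
        tag, c_start, c_end = _read_tlv(der[:end], o_end)
        return tag == 0xA0 and c_end > c_start  # [0] EXPLICIT, non-empty
    except ValueError:
        return False

def pem_to_der(pem):
    """Strip PEM armor lines and base64-decode the body."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    body = b"".join(ln for ln in lines if ln and not ln.startswith(b"-----"))
    return base64.b64decode(body)
```

Inputs that fail the check should be rejected and logged rather than parsed; BER indefinite-length encodings are also rejected because the reader fails closed on them.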

codecov[bot] commented 11 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (6684b0c) 100.00% compared to head (daf920f) 100.00%.

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##            master      #835   +/-   ##
=========================================
  Coverage   100.00%   100.00%
=========================================
  Files           14        14
  Lines          834       834
  Branches        62        62
=========================================
  Hits           834       834
```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.