CVE-2023-38325
Improper Handling of SSH Certificates vulnerability in cryptography (PyPI)
What is CVE-2023-38325 About?
The cryptography package before 41.0.2 for Python contains an issue where it mishandles SSH certificates with critical options. This could lead to a bypass of intended security restrictions or unauthorized access. The exact exploitation mechanism is not detailed, but it likely involves crafting a malformed SSH certificate.
Affected Software
- cryptography (PyPI): versions >40.0.0 and <41.0.2
Technical Details
CVE-2023-38325 affects the Python cryptography package in versions prior to 41.0.2 and stems from improper handling of SSH certificates that carry critical options. Alongside the public key and validity fields, an SSH certificate carries two option lists: extensions, and critical options that impose usage constraints or security policy on the certificate. When the affected package processes such a certificate, it does not correctly parse, validate, or enforce those critical options. An attacker could therefore craft an SSH certificate that contains critical options meant to restrict its use but is accepted or processed in a way that bypasses those restrictions, which may lead to unauthorized access, privilege escalation, or other security-policy violations during SSH authentication or authorization in applications that rely on this package.
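To make the certificate field this advisory is about concrete, the following is an added example (not code from the cryptography project or from this page) that encodes and strictly parses the critical-options section of an OpenSSH certificate in pure Python, following the wire layout in OpenSSH's PROTOCOL.certkeys: a sequence of (string name, string data) pairs sorted by name, where for options such as force-command and source-address the data field is itself an SSH string holding the value. The option names and values used here are constructed sample input. The parser fails closed on truncated, unsorted, duplicated or improperly nested encodings rather than silently accepting them, which is the behaviour a certificate consumer wants when critical options carry security policy.

```python
import struct

# SSH "string" = uint32 big-endian length prefix followed by that many bytes.


def _read_string(buf: bytes, off: int) -> tuple[bytes, int]:
    """Read one SSH string at offset `off`; return (data, new_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of buffer")
    return buf[off:off + n], off + n


def _put_string(data: bytes) -> bytes:
    """Encode bytes as one SSH string."""
    return struct.pack(">I", len(data)) + data


def encode_critical_options(options: dict[bytes, bytes]) -> bytes:
    """Encode critical options the way PROTOCOL.certkeys specifies:
    options sorted lexically by name, and each option's data field is
    itself an SSH string that wraps the value (nested encoding)."""
    out = b""
    for name in sorted(options):
        out += _put_string(name) + _put_string(_put_string(options[name]))
    return out


def parse_critical_options(blob: bytes) -> dict[bytes, bytes]:
    """Strictly parse a critical-options blob into {name: value}.

    Raises ValueError on any malformation instead of guessing, so a caller
    enforcing policy (force-command, source-address, ...) never acts on a
    certificate whose restrictions it could not read unambiguously."""
    opts: dict[bytes, bytes] = {}
    off = 0
    prev = None
    while off < len(blob):
        name, off = _read_string(blob, off)
        data, off = _read_string(blob, off)
        # Names must be strictly increasing: enforces sort order and forbids duplicates.
        if prev is not None and name <= prev:
            raise ValueError("critical options unsorted or duplicated at %r" % name)
        prev = name
        if data == b"":
            # Flag-style option with empty data (e.g. verify-required in newer OpenSSH).
            opts[name] = b""
            continue
        # Data must be exactly one nested SSH string, nothing more.
        value, end = _read_string(data, 0)
        if end != len(data):
            raise ValueError("trailing bytes inside option %r" % name)
        opts[name] = value
    return opts


def rejects(blob: bytes) -> bool:
    """True if the strict parser refuses `blob`."""
    try:
        parse_critical_options(blob)
    except ValueError:
        return True
    return False


def roundtrip_ok() -> bool:
    """Constructed sample: a well-formed encoding parses back to the same options."""
    opts = {b"force-command": b"/usr/bin/true", b"source-address": b"10.0.0.0/8"}
    return parse_critical_options(encode_critical_options(opts)) == opts


def malformed_is_rejected() -> bool:
    """Constructed malformed blob: the value is written directly as the data
    field, without the nested string wrapper. A lenient parser might return
    a bogus option here; the strict parser must refuse it."""
    bad = _put_string(b"force-command") + _put_string(b"/usr/bin/true")
    return rejects(bad)


def unsorted_is_rejected() -> bool:
    """Constructed blob with options out of lexical order."""
    bad = (_put_string(b"source-address") + _put_string(_put_string(b"10.0.0.0/8"))
           + _put_string(b"force-command") + _put_string(_put_string(b"/usr/bin/true")))
    return rejects(bad)


if __name__ == "__main__":
    print("roundtrip:", roundtrip_ok())
    print("malformed rejected:", malformed_is_rejected())
    print("unsorted rejected:", unsorted_is_rejected())
```

The same strict shape applies when validating a certificate produced by a library: after building a certificate with critical options, parse the serialized bytes back with an independent parser such as this one and confirm the options survive the round trip before trusting the certificate in production.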
What is the Impact of CVE-2023-38325?
Successful exploitation may allow attackers to bypass security restrictions imposed by SSH certificates, leading to unauthorized access, privilege escalation, or other security policy violations.
What is the Exploitability of CVE-2023-38325?
The complexity of exploiting this vulnerability is likely moderate to high: it requires specific knowledge of SSH certificate structures, of critical options, and of how the cryptography package processes them, and exploitation would involve crafting a malicious SSH certificate. Authentication requirements depend on how SSH certificates are used in the target context; exploitation could consist of presenting a malformed certificate during an authentication attempt. The attacker needs few privileges, since they control the crafted input, but a successful attack could yield higher privileges on the target. Exploitation is typically remote, with the attacker presenting the crafted certificate to an SSH server or client that uses the vulnerable package. A special condition is that the target system relies on the vulnerable cryptography package for SSH certificate validation; the likelihood of exploitation increases if the target frequently processes SSH certificates from untrusted sources.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2023-38325?
Available Upgrade Options
- cryptography
- >40.0.0, <41.0.2 → Upgrade to 41.0.2
Additional Resources
- https://github.com/pyca/cryptography/issues/9207
- https://pypi.org/project/cryptography/#history
- https://osv.dev/vulnerability/GHSA-cf7p-gm2m-833m
- https://github.com/pyca/cryptography/compare/41.0.1...41.0.2
- https://security.netapp.com/advisory/ntap-20230824-0010
- https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yaml
What are Similar Vulnerabilities to CVE-2023-38325?
Similar Vulnerabilities: CVE-2020-14309, CVE-2023-42426, CVE-2021-4191, CVE-2021-32520, CVE-2021-43267
