CVE-2024-6923

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Aug 1, 2024 / Updated: 3mo ago

CVSS 5.5 / EPSS 0.05% / Medium

Summary

There is a vulnerability affecting CPython. The email module did not properly quote newlines in header values when serializing an email message: a line break carried in a header value is written out as a real line break, and whatever follows it is parsed by the receiver as a separate header field. This allows header injection whenever a message built from, or re-serialized from, untrusted input is serialized.

Impact

This vulnerability allows header injection: an attacker who controls a header value, directly or through a message the application re-serializes, can add header fields of their own (for example an extra recipient via Bcc) or terminate the header block early. Despite the CWE-94 ('Code Injection') classification, what is injected is email header text, not code executed by the Python interpreter. Two CVSS v3.1 assessments exist for this CVE. NVD assigned a base score of 5.5 (Medium) with the vector AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L shown below. A second assessment scores it 6.8 (Medium), rating confidentiality and integrity impact HIGH and availability NONE, with attack vector NETWORK, no user interaction, HIGH attack complexity and LOW privileges required. Under either vector the attack is network-reachable and the consequence is to the confidentiality and integrity of mail (such as silently copying messages to an attacker-chosen address); availability is not affected in any meaningful way.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A patch is available. The vulnerability was reported on 2024-08-01, and patch details were added on the same day. Red Hat's tracking bug is at https://bugzilla.redhat.com/show_bug.cgi?id=2302255. The upstream CPython fix makes the email module quote newlines when it writes headers and makes the generator refuse to serialize a header whose folded form contains a line break that is not followed by folding whitespace; it raises email.errors.HeaderWriteError in that case, controlled by the policy attribute verify_generate_headers (default True). Update to a CPython release or distribution package that carries this fix.

Mitigation

1. Apply the available patch as soon as possible, prioritizing systems that build or relay email from untrusted input or are exposed to untrusted networks.
2. If immediate patching is not possible, reject header values that contain CR or LF (or any other character str.splitlines() treats as a line break) before they are set, and treat a message parsed from an untrusted source as untrusted again when it is re-serialized. Note that EmailMessage with the default policy already rejects multi-line string values at assignment time, but the legacy compat32 Message performs no such check at assignment, and neither protects header values that are already inside a parsed message.
3. Monitor and log unusual email-processing activity in CPython applications, such as recipients appearing in outbound mail that the application did not set.
4. Restrict network access to systems running affected CPython versions where possible.
5. Keep CPython and related libraries up to date with the latest security patches.
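The following is an added example illustrating the Summary and the second mitigation above; it is not code from CPython or from this advisory. It implements two version-independent guards: rejecting line separators in header values before they are set, and, after serialization, checking that the header block contains exactly the fields that were set. The sample message is constructed for the example (its Subject carries an RFC 2047 encoded word that decodes to a line feed followed by a Bcc field); the function and constant names are the example's own. The email.errors.HeaderWriteError class and the verify_generate_headers policy attribute are the ones the upstream fix introduced and are absent on unpatched interpreters, which the code tolerates.

```python
"""Guards against email header injection around CPython's email module.
Added example, not CPython's own code; the names below are the example's."""
import email
import email.errors
import email.generator
import email.message
import email.policy
import io

# Interpreters carrying the upstream fix define email.errors.HeaderWriteError
# and raise it when a folded header would contain a newline not followed by
# folding whitespace. On an unpatched interpreter substitute a class that is
# never raised, so the except clause below compiles and our own check runs.
HeaderWriteError = getattr(email.errors, "HeaderWriteError", None) or type(
    "HeaderWriteError", (Exception,), {}
)


def interpreter_verifies_headers():
    """True if the default policy exposes verify_generate_headers=True, the
    policy attribute the upstream fix added (absent on unpatched versions)."""
    return bool(getattr(email.policy.default, "verify_generate_headers", False))


def is_safe_header_value(value):
    """True if the value cannot end the header line it is written into.
    str.splitlines() is used on purpose: besides \\r and \\n it splits on
    \\x0b, \\x0c, \\x1c-\\x1e, \\x85, \\u2028 and \\u2029, and the email
    policies join such fragments with the policy linesep when folding."""
    if "\r" in value or "\n" in value:
        return False
    return len(value.splitlines()) <= 1


def build_message(headers, body):
    """Build an EmailMessage from untrusted header values, refusing any value
    that could terminate its header line."""
    msg = email.message.EmailMessage()
    for name, value in headers.items():
        if not is_safe_header_value(value):
            raise ValueError(f"{name} header contains a line separator")
        msg[name] = value
    msg.set_content(body)
    return msg


def header_names(serialized, linesep="\n"):
    """Field names actually present in a serialized header block. A line
    starts a new field unless it begins with folding whitespace (RFC 5322),
    which is the same rule a receiving MTA applies."""
    head = serialized.split(linesep + linesep, 1)[0]
    names = []
    for line in head.split(linesep):
        if line[:1] in (" ", "\t"):
            continue  # continuation of the previous field
        names.append(line.split(":", 1)[0].strip().lower())
    return names


def serialize_and_verify(msg, policy=None):
    """Serialize msg and return (output, verified, refused).
    refused:  the generator raised HeaderWriteError (fixed interpreter).
    verified: the output's field names are exactly those set on msg; False
              when a value smuggled in an extra field such as Bcc."""
    policy = msg.policy if policy is None else policy
    out = io.StringIO()
    try:
        email.generator.Generator(out, policy=policy).flatten(msg)
    except HeaderWriteError:
        return None, False, True
    serialized = out.getvalue()
    expected = sorted(k.lower() for k in msg.keys())
    verified = sorted(header_names(serialized, policy.linesep)) == expected
    return serialized, verified, False


# Constructed sample (not a real capture) of an inbound message that an
# application might forward, resend or archive. The Subject carries the
# RFC 2047 encoded word =?UTF-8?Q?=0A?=, which decodes to a bare line feed
# followed by a Bcc field.
UNTRUSTED_RAW = (
    "To: victim@example.invalid\n"
    "Subject: Status=?UTF-8?Q?=0A?=Bcc: attacker@example.invalid\n"
    "\n"
    "See attached.\n"
)


def regenerate_untrusted(max_line_length=30):
    """Parse UNTRUSTED_RAW and re-serialize it with a line length short enough
    to make the generator refold the Subject. Refolding decodes the encoded
    word; an unfixed email module then writes the decoded line feed literally
    and the output gains a Bcc field, while a fixed one re-encodes the line
    feed or raises HeaderWriteError. The post-serialization check catches
    the unfixed case either way."""
    msg = email.message_from_string(UNTRUSTED_RAW, policy=email.policy.default)
    policy = email.policy.default.clone(max_line_length=max_line_length)
    return serialize_and_verify(msg, policy)


if __name__ == "__main__":
    print("interpreter verifies headers:", interpreter_verifies_headers())
    try:
        build_message({"To": "a@example.invalid",
                       "Subject": "hi\r\nBcc: attacker@example.invalid"}, "x")
    except ValueError as exc:
        print("rejected at build time:", exc)
    out, verified, refused = regenerate_untrusted()
    print("refused:", refused, "verified:", verified)
    if out is not None:
        print(out)
```

The assignment-time check covers values your own code sets; the post-serialization check is the one that matters for messages parsed from elsewhere, because their header values bypass header_store_parse and only become dangerous when the generator refolds them. Running the block on a patched interpreter reports refused or verified; on an unpatched one it reports verified False for the sample message.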

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Timeline

CVE Assignment

NVD published the first details for CVE-2024-6923

Aug 1, 2024 at 2:15 PM
First Article

Feedly found the first article mentioning CVE-2024-6923.

Aug 1, 2024 at 2:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 1, 2024 at 2:24 PM
CVSS

A CVSS base score of 5.5 has been assigned.

Aug 1, 2024 at 7:40 PM / nvd
Vendor Advisory

RedHat CVE advisory released a security advisory (CVE-2024-6923).

Aug 1, 2024 at 9:26 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.3%)

Aug 6, 2024 at 11:06 AM
CVSS

A CVSS base score of 5.5 has been assigned.

Aug 7, 2024 at 3:20 PM / nvd
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (286040)

Aug 12, 2024 at 7:53 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (205379)

Aug 12, 2024 at 11:15 AM

Affected Systems

Python/cpython

Patches

bugzilla.redhat.com

Attack Patterns

CAPEC-242: Code Injection

Vendor Advisory

Oracle Linux Bulletin - October 2024
Oracle Id: linuxbulletinoct2024 Release Date: 2024-10-15 Update Date: 2024-10-15 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin security patches as soon as possible. Oracle Linux Risk Matrix (Revision: 1 Published on 2024-10-15) CVE-2024-3596 CVSS Base Score :9.0 CVSS Vector :CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Product :

References

SUSE update for SUSE Manager Salt Bundle
Update the affected package SUSE Manager Salt Bundle to the latest version.
Amazon Linux 2 : python38 (ALASPYTHON3.8-2024-016)
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
ALASPYTHON3.8-2024-016 (important): python38
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
See 4 more references

News

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Python vulnerabilities (USN-7015-5)
Nessus Plugin ID 211587 with High Severity Synopsis The remote Ubuntu host is missing one or more security updates. Description The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7015-5 advisory. USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Tenable has extracted the preceding description block directly from the Ubuntu security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/211587
Ubuntu 7015-5: Python Security Advisory Updates
Several security issues were fixed in Python.
Security: Multiple issues in Python (Ubuntu)
... attacker could possibly use this issue to cause Python to consume ... It was discovered that the Python email module incorrectly quoted newlines ...
Ubuntu update for python2.7
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
USN-7015-5: Python vulnerabilities
A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. (CVE-2024-6923) It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters.
See 230 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:Required
Scope:Unchanged
Confidentiality:Low
Integrity:Low
Availability Impact:Low
