
CVE-2023-41419: Vulnerability in gevent.pywsgi.WSGIServer · Issue #1989 · gevent/gevent

An issue in Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.

  • gevent version: 23.7.0 (pypi)
  • Python version: 3.8.15
  • Operating System: Linux

CVE-2023-41419 has been assigned to this issue. Fixed in 23.9.0.

Description

Previously, carefully crafted invalid trailers in chunked requests on keep-alive connections might appear as two requests to gevent.pywsgi. Because this was handled exactly as a normal keep-alive connection with two requests, the WSGI application should handle it normally. However, if you were counting on some upstream server to filter incoming requests based on paths or header fields, and the upstream server simply passed trailers through without validating them, then this embedded second request would bypass those checks. (If the upstream server validated that the trailers meet the HTTP specification, this could not occur, because characters that are required in an HTTP request, like a space, are not allowed in trailers.) (source - docs/changes/1989.bugfix)

Payload

POST /path1 HTTP/1.1
Host: a.com
Transfer-Encoding: chunked
Connection: keep-alive

2
a2
0
Header: value
POST /path2?a=:123 HTTP/1.1
Host: a.com
Connection: close
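
The description notes that an upstream server which validates trailers against the HTTP specification would not pass this request on. The following is an added example of such a check, not code from gevent or from the issue: the function name invalid_trailers and the PAGE_BODY constant are hypothetical, and the sample bytes are constructed from the payload above assuming CRLF line endings.

```python
import re

# RFC 9110 field-name is a "token": no space, '/', '?', '=' or ':'.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Field value: tab, space, visible ASCII, obs-text; never CR, LF or NUL.
VALUE = re.compile(rb"[\t\x20-\x7e\x80-\xff]*")
HEX = re.compile(rb"[0-9A-Fa-f]+")


def invalid_trailers(body: bytes) -> list:
    """Walk a chunked body; return trailer lines that break field syntax.

    Raises ValueError when the chunk framing itself is malformed.
    """
    pos = 0
    while True:  # chunk section
        eol = body.index(b"\r\n", pos)  # ValueError if CRLF is missing
        size_field = body[pos:eol].split(b";", 1)[0]  # drop chunk extensions
        if not HEX.fullmatch(size_field):
            raise ValueError("bad chunk size")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            break
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF")
        pos += size + 2
    bad = []
    while True:  # trailer section, ends at the empty line
        eol = body.index(b"\r\n", pos)
        line, pos = body[pos:eol], eol + 2
        if not line:
            return bad
        name, sep, value = line.partition(b":")
        if not (sep and TOKEN.fullmatch(name) and VALUE.fullmatch(value)):
            bad.append(line)


# Constructed sample: the body of the payload above, with CRLF line endings.
PAGE_BODY = (b"2\r\na2\r\n0\r\nHeader: value\r\n"
             b"POST /path2?a=:123 HTTP/1.1\r\nHost: a.com\r\n"
             b"Connection: close\r\n\r\n")

if __name__ == "__main__":
    print(invalid_trailers(PAGE_BODY))
```

A proxy or filter that gets a non-empty list back should reject the request instead of forwarding the trailers unchanged.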

Credit

Fixed by @jamadden.
Reported by Keran Mu (@mukeran) and Jianjun Chen (@chenjj), from Tsinghua University and Zhongguancun Laboratory.

Related news

Red Hat Security Advisory 2024-8105-03

Red Hat Security Advisory 2024-8105-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-8102-03

Red Hat Security Advisory 2024-8102-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-7785-03

Red Hat Security Advisory 2024-7785-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-7421-03

Red Hat Security Advisory 2024-7421-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2023-7438-01

Red Hat Security Advisory 2023-7438-01 - An update for python-gevent is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a privilege escalation vulnerability.

GHSA-x7m3-jprg-wc5g: Gevent allows remote attacker to escalate privileges

An issue in Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.
