Bug 1083507 - (CVE-2017-18207) VUL-0: CVE-2017-18207: python,python3: The Wave_read._read_fmt_chunk function in Lib/wave.py does not ensure a nonzero channel value, which allows attackers to cause a denial of service
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P3 - Medium : Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/201051/
obs:running:11857:important CVSSv3:NV...
Reported: 2018-03-01 13:43 UTC by Karol Babioch
Modified: 2022-06-10 08:40 UTC (History)

Found By: Security Response Team
Attachments
reproducer (66.51 KB, audio/x-wav)
2018-03-01 13:43 UTC, Karol Babioch
Description Karol Babioch 2018-03-01 13:43:09 UTC
CVE-2017-18207

The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4
does not ensure a nonzero channel value, which allows attackers to cause a
denial of service (divide-by-zero error and application crash) via a crafted wav
format audio file.

Upstream fix: https://github.com/python/cpython/pull/4437/files

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18207
https://bugs.python.org/issue32056
Comment 1 Karol Babioch 2018-03-01 13:43:42 UTC
Created attachment 762319 [details]
reproducer
Comment 2 Karol Babioch 2018-03-01 13:44:49 UTC
All codestreams are affected for both python2 and python3.

Reproducer can be triggered in the following way:

Downloads python2
Python 2.7.13 (default, Jan 03 2017, 17:41:54) [GCC] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import wave
>>> wave.open('audio-testcase.wav')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/wave.py", line 511, in open
    return Wave_read(f)
  File "/usr/lib64/python2.7/wave.py", line 164, in __init__
    self.initfp(f)
  File "/usr/lib64/python2.7/wave.py", line 150, in initfp
    self._nframes = chunk.chunksize // self._framesize
ZeroDivisionError: integer division or modulo by zero
Comment 3 Karol Babioch 2018-03-01 13:45:44 UTC
Python3 output:

Downloads python3
Python 3.4.6 (default, Mar 22 2017, 12:26:13) [GCC] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import wave
>>> wave.open('audio-testcase.wav')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python3.4/wave.py", line 499, in open
    return Wave_read(f)
  File "/usr/lib64/python3.4/wave.py", line 163, in __init__
    self.initfp(f)
  File "/usr/lib64/python3.4/wave.py", line 149, in initfp
    self._nframes = chunk.chunksize // self._framesize
ZeroDivisionError: integer division or modulo by zero
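Added example (not part of the bug report and not CPython's own code): a pre-check for untrusted WAV input that rejects the header values behind the `chunk.chunksize // self._framesize` failure in the tracebacks above, plus a wrapper that also catches `ZeroDivisionError` so an unpatched interpreter cannot crash the caller. The helper names `build_wav`, `fmt_problems` and `safe_open` are hypothetical, the sample files are constructed inline, and the check assumes the frame size is channels times sample width in bytes.

```python
import io
import struct
import wave

WAVE_FORMAT_PCM = 0x0001


def build_wav(nchannels, bits_per_sample, framerate=8000, pcm=b"\x00\x00" * 4):
    """Constructed sample input: a minimal RIFF/WAVE file with arbitrary header fields."""
    block_align = nchannels * (bits_per_sample // 8)
    fmt = struct.pack("<HHLLHH", WAVE_FORMAT_PCM, nchannels, framerate,
                      framerate * block_align, block_align, bits_per_sample)
    body = b"WAVE" + b"fmt " + struct.pack("<L", len(fmt)) + fmt
    body += b"data" + struct.pack("<L", len(pcm)) + pcm
    return b"RIFF" + struct.pack("<L", len(body)) + body


def fmt_problems(data):
    """Walk the RIFF chunks and report 'fmt ' fields that make the frame size zero."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        return ["not a RIFF/WAVE file"]
    pos = 12
    while pos + 8 <= len(data):
        name, size = struct.unpack_from("<4sL", data, pos)
        if name == b"fmt ":
            if size < 16 or pos + 8 + 16 > len(data):
                return ["truncated fmt chunk"]
            _, nchannels, _, _, _, bits = struct.unpack_from("<HHLLHH", data, pos + 8)
            problems = []
            if nchannels == 0:
                problems.append("zero channels")
            if (bits + 7) // 8 == 0:
                problems.append("zero sample width")
            return problems
        pos += 8 + size + (size & 1)  # chunks are padded to an even length
    return ["no fmt chunk"]


def safe_open(data):
    """Open untrusted WAV bytes; return (params, None) or (None, reason)."""
    problems = fmt_problems(data)
    if problems:
        return None, "; ".join(problems)
    try:
        with wave.open(io.BytesIO(data), "rb") as w:
            return w.getparams(), None
    except (wave.Error, EOFError, ZeroDivisionError) as exc:
        # ZeroDivisionError is what an unpatched wave.py raises for this CVE
        return None, "%s: %s" % (type(exc).__name__, exc)
```
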
Comment 6 Swamp Workflow Management 2018-04-12 19:08:19 UTC
SUSE-SU-2018:0934-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    python3-base-3.4.6-25.7.1
SUSE Linux Enterprise Server 12-SP3 (src):    python3-3.4.6-25.7.1, python3-base-3.4.6-25.7.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    python3-3.4.6-25.7.1, python3-base-3.4.6-25.7.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    python3-3.4.6-25.7.1, python3-base-3.4.6-25.7.1
Comment 7 Swamp Workflow Management 2018-04-17 01:08:50 UTC
openSUSE-SU-2018:0966-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
openSUSE Leap 42.3 (src):    python3-3.4.6-12.3.1, python3-base-3.4.6-12.3.1, python3-doc-3.4.6-12.3.2
Comment 11 Swamp Workflow Management 2018-06-12 14:14:31 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-06-26.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64059
Comment 12 Swamp Workflow Management 2018-06-22 16:11:12 UTC
SUSE-SU-2018:1786-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    python-2.6.9-40.6.2, python-base-2.6.9-40.6.2, python-doc-2.6-8.40.6.2
SUSE Linux Enterprise Server 11-SP4 (src):    python-2.6.9-40.6.2, python-base-2.6.9-40.6.2, python-doc-2.6-8.40.6.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    python-2.6.9-40.6.2, python-base-2.6.9-40.6.2
Comment 16 Swamp Workflow Management 2018-07-23 13:11:48 UTC
SUSE-SU-2018:2040-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    python-base-2.7.13-28.6.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    python-base-2.7.13-28.6.1
SUSE Linux Enterprise Server 12-SP3 (src):    python-2.7.13-28.6.1, python-base-2.7.13-28.6.1, python-doc-2.7.13-28.6.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    python-2.7.13-28.6.1, python-base-2.7.13-28.6.1
SUSE Enterprise Storage 5 (src):    python-2.7.13-28.6.1
SUSE CaaS Platform ALL (src):    python-2.7.13-28.6.1, python-base-2.7.13-28.6.1
OpenStack Cloud Magnum Orchestration 7 (src):    python-2.7.13-28.6.1, python-base-2.7.13-28.6.1
Comment 17 Swamp Workflow Management 2018-07-28 14:02:51 UTC
openSUSE-SU-2018:2126-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
openSUSE Leap 42.3 (src):    python-2.7.13-27.6.1, python-base-2.7.13-27.6.1, python-doc-2.7.13-27.6.1
Comment 18 Swamp Workflow Management 2018-08-24 16:08:13 UTC
SUSE-SU-2018:2493-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
SUSE CaaS Platform 3.0 (src):    python-2.7.13-28.11.1, python-base-2.7.13-28.11.2
Comment 25 Tomáš Chvátal 2020-01-10 14:03:11 UTC
This was already done.
Comment 27 Swamp Workflow Management 2020-01-16 14:13:15 UTC
SUSE-SU-2020:0114-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Development Tools 15 (src):    python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2020-01-21 20:15:46 UTC
openSUSE-SU-2020:0086-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
openSUSE Leap 15.1 (src):    python3-3.6.10-lp151.6.7.1, python3-base-3.6.10-lp151.6.7.1
Comment 29 Swamp Workflow Management 2020-01-24 20:12:37 UTC
SUSE-SU-2020:0234-1: An update that solves 37 vulnerabilities and has 50 fixes is now available.

Category: security (important)
Bug References: 1027282,1041090,1042670,1068664,1073269,1073748,1078326,1078485,1079300,1081750,1083507,1084650,1086001,1088004,1088009,1109847,1111793,1113755,1122191,1129346,1130840,1130847,1138459,1141853,1149792,1149955,1153238,1153830,1159035,214983,298378,346490,367853,379534,380942,399190,406051,425138,426563,430761,432677,436966,437293,441088,462375,525295,534721,551715,572673,577032,581765,603255,617751,637176,638233,658604,673071,682554,697251,707667,718009,747125,747794,751718,754447,766778,794139,804978,827982,831442,834601,836739,856835,856836,857470,863741,885882,898572,901715,935856,945401,964182,984751,985177,985348,989523,997436
CVE References: CVE-2007-2052,CVE-2008-1721,CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144,CVE-2011-1521,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-1753,CVE-2013-4238,CVE-2014-1912,CVE-2014-4650,CVE-2014-7185,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-1000158,CVE-2017-18207,CVE-2018-1000030,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20852,CVE-2019-10160,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947,CVE-2019-9948
Sources used:
SUSE Linux Enterprise Module for Python2 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1, python-doc-2.7.17-7.32.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python-2.7.17-7.32.2, python-doc-2.7.17-7.32.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    python-2.7.17-7.32.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    python-2.7.17-7.32.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Swamp Workflow Management 2020-02-03 17:12:46 UTC
SUSE-SU-2020:0302-1: An update that solves 10 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1081750,1083507,1086001,1088009,1094814,1109663,1137942,1138459,1141853,1149121,1149429,1149792,1149955,1151490,1159035,1159622,709442,951166,983582
CVE References: CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    python36-3.6.10-4.3.5, python36-base-3.6.10-4.3.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Alexandros Toptsoglou 2020-04-29 13:37:08 UTC
Done
Comment 38 OBSbugzilla Bot 2020-11-27 16:41:06 UTC
This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/851367 Factory / python36
Comment 40 OBSbugzilla Bot 2020-12-01 18:21:01 UTC
This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/852415 Factory / python36
Comment 42 OBSbugzilla Bot 2020-12-05 17:31:02 UTC
This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/853277 Factory / python36
Comment 43 OBSbugzilla Bot 2020-12-05 19:11:03 UTC
This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/853314 Factory / python36
Comment 46 OBSbugzilla Bot 2020-12-17 18:11:05 UTC
This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/856737 Factory / python36
Comment 47 OBSbugzilla Bot 2021-10-06 14:41:11 UTC
This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/923499 Factory / python36
Comment 48 OBSbugzilla Bot 2021-10-22 08:41:11 UTC
This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/926876 Factory / python36
Comment 49 OBSbugzilla Bot 2022-02-06 22:30:22 UTC
This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/951983 Factory / python
Comment 50 OBSbugzilla Bot 2022-02-09 19:10:23 UTC
This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/953031 Factory / python
Comment 51 OBSbugzilla Bot 2022-06-10 08:40:22 UTC
This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/981989 Factory / python