CVE-2017-11424 — Project Pyjwt vulnerability

11 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 25.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pyjwt Project Pyjwt Debian Pyjwt Debian Linux

Timeline

PublishedAug 24

Latest updateMay 13

Description

In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/pyjwt< pyjwt 1.4.2-1.1 (bookworm)

▶PyPIpyjwt_project/pyjwt< 1.5.1

▶Debianpyjwt_project/pyjwt< 1.4.2-1.1+3

▶NVDpyjwt_project/pyjwt1.5.0

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

PyJWT vulnerable to key confusion attacks↗2022-05-13

▶

OSV

PyJWT vulnerable to key confusion attacks↗2022-05-13

▶

OSV

CVE-2017-11424: In PyJWT 1↗2017-08-24

▶

📋Vendor Advisories

Ubuntu

PyJWT vulnerability↗2017-08-30

▶

Red Hat

python-jwt: Incorrect handling of PEM-encoded public keys↗2017-06-22

▶

Debian

CVE-2017-11424: pyjwt - In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_k...↗2017

▶

📄Research Papers

CTF

cr0wnair / writeup_cr0wnair↗2021

▶

💬Community

Bugzilla

CVE-2017-11424 python-jwt: Incorrect handling of PEM-encoded public keys [epel-7]↗2017-08-17

▶

Bugzilla

CVE-2017-11424 python-jwt: Incorrect handling of PEM-encoded public keys↗2017-08-17

▶

Bugzilla

CVE-2017-11424 python-jwt: Incorrect handling of PEM-encoded public keys [fedora-all]↗2017-08-17

▶