Bug 1083507 – VUL-0: CVE-2017-18207: python,python3: The Wave_read._read_fmt_chunk function in Lib/wave.py does not ensure a nonzero channel value, which allows attackers to cause a denial of service

Bug 1083507 - (CVE-2017-18207) VUL-0: CVE-2017-18207: python,python3: The Wave_read._read_fmt_chunk function in Lib/wave.py does not ensure a nonzero channel value, which allows attackers to cause a denial of service

(CVE-2017-18207)
Summary:	VUL-0: CVE-2017-18207: python,python3: The Wave_read._read_fmt_chunk function...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/201051/
Whiteboard:	obs:running:11857:important CVSSv3:NV...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-03-01 13:43 UTC by Karol Babioch
Modified:	2022-06-10 08:40 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
reproducer (66.51 KB, audio/x-wav) 2018-03-01 13:43 UTC, Karol Babioch	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karol Babioch 2018-03-01 13:43:09 UTC

CVE-2017-18207

The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4
does not ensure a nonzero channel value, which allows attackers to cause a
denial of service (divide-by-zero error and application crash) via a crafted wav
format audio file.

Upstream fix: https://github.com/python/cpython/pull/4437/files

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18207
https://bugs.python.org/issue32056

Comment 1 Karol Babioch 2018-03-01 13:43:42 UTC

Created attachment 762319 [details]
reproducer

Comment 2 Karol Babioch 2018-03-01 13:44:49 UTC

All codestreams are affected for both python2 and python3.

Reproducer can be triggered in the following way:

Downloads python2
Python 2.7.13 (default, Jan 03 2017, 17:41:54) [GCC] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import wave
>>> wave.open('audio-testcase.wav')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/wave.py", line 511, in open
    return Wave_read(f)
  File "/usr/lib64/python2.7/wave.py", line 164, in __init__
    self.initfp(f)
  File "/usr/lib64/python2.7/wave.py", line 150, in initfp
    self._nframes = chunk.chunksize // self._framesize
ZeroDivisionError: integer division or modulo by zero

Comment 3 Karol Babioch 2018-03-01 13:45:44 UTC

Python3 output:

Downloads python3
Python 3.4.6 (default, Mar 22 2017, 12:26:13) [GCC] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import wave
>>> wave.open('audio-testcase.wav')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python3.4/wave.py", line 499, in open
    return Wave_read(f)
  File "/usr/lib64/python3.4/wave.py", line 163, in __init__
    self.initfp(f)
  File "/usr/lib64/python3.4/wave.py", line 149, in initfp
    self._nframes = chunk.chunksize // self._framesize
ZeroDivisionError: integer division or modulo by zero

Comment 6 Swamp Workflow Management 2018-04-12 19:08:19 UTC

SUSE-SU-2018:0934-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    python3-base-3.4.6-25.7.1
SUSE Linux Enterprise Server 12-SP3 (src):    python3-3.4.6-25.7.1, python3-base-3.4.6-25.7.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    python3-3.4.6-25.7.1, python3-base-3.4.6-25.7.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    python3-3.4.6-25.7.1, python3-base-3.4.6-25.7.1

Comment 7 Swamp Workflow Management 2018-04-17 01:08:50 UTC

openSUSE-SU-2018:0966-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
openSUSE Leap 42.3 (src):    python3-3.4.6-12.3.1, python3-base-3.4.6-12.3.1, python3-doc-3.4.6-12.3.2

Comment 11 Swamp Workflow Management 2018-06-12 14:14:31 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-06-26.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64059

Comment 12 Swamp Workflow Management 2018-06-22 16:11:12 UTC

SUSE-SU-2018:1786-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    python-2.6.9-40.6.2, python-base-2.6.9-40.6.2, python-doc-2.6-8.40.6.2
SUSE Linux Enterprise Server 11-SP4 (src):    python-2.6.9-40.6.2, python-base-2.6.9-40.6.2, python-doc-2.6-8.40.6.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    python-2.6.9-40.6.2, python-base-2.6.9-40.6.2

Comment 16 Swamp Workflow Management 2018-07-23 13:11:48 UTC

SUSE-SU-2018:2040-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    python-base-2.7.13-28.6.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    python-base-2.7.13-28.6.1
SUSE Linux Enterprise Server 12-SP3 (src):    python-2.7.13-28.6.1, python-base-2.7.13-28.6.1, python-doc-2.7.13-28.6.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    python-2.7.13-28.6.1, python-base-2.7.13-28.6.1
SUSE Enterprise Storage 5 (src):    python-2.7.13-28.6.1
SUSE CaaS Platform ALL (src):    python-2.7.13-28.6.1, python-base-2.7.13-28.6.1
OpenStack Cloud Magnum Orchestration 7 (src):    python-2.7.13-28.6.1, python-base-2.7.13-28.6.1

Comment 17 Swamp Workflow Management 2018-07-28 14:02:51 UTC

openSUSE-SU-2018:2126-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
openSUSE Leap 42.3 (src):    python-2.7.13-27.6.1, python-base-2.7.13-27.6.1, python-doc-2.7.13-27.6.1

Comment 18 Swamp Workflow Management 2018-08-24 16:08:13 UTC

SUSE-SU-2018:2493-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1083507
CVE References: CVE-2017-18207
Sources used:
SUSE CaaS Platform 3.0 (src):    python-2.7.13-28.11.1, python-base-2.7.13-28.11.2

Comment 25 Tomáš Chvátal 2020-01-10 14:03:11 UTC

This was already done.

Comment 27 Swamp Workflow Management 2020-01-16 14:13:15 UTC

SUSE-SU-2020:0114-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Development Tools 15 (src):    python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2020-01-21 20:15:46 UTC

openSUSE-SU-2020:0086-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
openSUSE Leap 15.1 (src):    python3-3.6.10-lp151.6.7.1, python3-base-3.6.10-lp151.6.7.1

Comment 29 Swamp Workflow Management 2020-01-24 20:12:37 UTC

SUSE-SU-2020:0234-1: An update that solves 37 vulnerabilities and has 50 fixes is now available.

Category: security (important)
Bug References: 1027282,1041090,1042670,1068664,1073269,1073748,1078326,1078485,1079300,1081750,1083507,1084650,1086001,1088004,1088009,1109847,1111793,1113755,1122191,1129346,1130840,1130847,1138459,1141853,1149792,1149955,1153238,1153830,1159035,214983,298378,346490,367853,379534,380942,399190,406051,425138,426563,430761,432677,436966,437293,441088,462375,525295,534721,551715,572673,577032,581765,603255,617751,637176,638233,658604,673071,682554,697251,707667,718009,747125,747794,751718,754447,766778,794139,804978,827982,831442,834601,836739,856835,856836,857470,863741,885882,898572,901715,935856,945401,964182,984751,985177,985348,989523,997436
CVE References: CVE-2007-2052,CVE-2008-1721,CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144,CVE-2011-1521,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-1753,CVE-2013-4238,CVE-2014-1912,CVE-2014-4650,CVE-2014-7185,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-1000158,CVE-2017-18207,CVE-2018-1000030,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20852,CVE-2019-10160,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947,CVE-2019-9948
Sources used:
SUSE Linux Enterprise Module for Python2 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1, python-doc-2.7.17-7.32.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python-2.7.17-7.32.2, python-doc-2.7.17-7.32.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    python-2.7.17-7.32.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    python-2.7.17-7.32.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2020-02-03 17:12:46 UTC

SUSE-SU-2020:0302-1: An update that solves 10 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1081750,1083507,1086001,1088009,1094814,1109663,1137942,1138459,1141853,1149121,1149429,1149792,1149955,1151490,1159035,1159622,709442,951166,983582
CVE References: CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    python36-3.6.10-4.3.5, python36-base-3.6.10-4.3.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 33 Alexandros Toptsoglou 2020-04-29 13:37:08 UTC

Done

Comment 38 OBSbugzilla Bot 2020-11-27 16:41:06 UTC

This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/851367 Factory / python36

Comment 40 OBSbugzilla Bot 2020-12-01 18:21:01 UTC

This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/852415 Factory / python36

Comment 42 OBSbugzilla Bot 2020-12-05 17:31:02 UTC

This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/853277 Factory / python36

Comment 43 OBSbugzilla Bot 2020-12-05 19:11:03 UTC

This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/853314 Factory / python36

Comment 46 OBSbugzilla Bot 2020-12-17 18:11:05 UTC

This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/856737 Factory / python36

Comment 47 OBSbugzilla Bot 2021-10-06 14:41:11 UTC

This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/923499 Factory / python36

Comment 48 OBSbugzilla Bot 2021-10-22 08:41:11 UTC

This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/926876 Factory / python36

Comment 49 OBSbugzilla Bot 2022-02-06 22:30:22 UTC

This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/951983 Factory / python

Comment 50 OBSbugzilla Bot 2022-02-09 19:10:23 UTC

This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/953031 Factory / python

Comment 51 OBSbugzilla Bot 2022-06-10 08:40:22 UTC

This is an autogenerated message for OBS integration:
This bug (1083507) was mentioned in
https://build.opensuse.org/request/show/981989 Factory / python