CLD-313 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-18207 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) python3
Deficiency Type SECURITY
Date Created 2018-03-01 10:39:19
Date Last Modified 2018-03-01 12:54:16

Version Specific Information:

Cucumber 1.0 i686fixed in python3-3.6.4-i686-2
Cucumber 1.0 x86_64fixed in python3-3.6.4-x86_64-2

Cucumber 1.1 i686 fixed in python3-3.6.4-i686-2
Cucumber 1.1 x86_64 fixed in python3-3.6.4-x86_64-2


=================================== Overview ===================================

The Wave_read._read_fmt_chunk function in Lib/ in Python through 3.6.4
does not ensure a nonzero channel value, which allows attackers to cause a
denial of service (divide-by-zero error and application crash) via a crafted
wav format audio file. 

================================ Initial Report ================================


I found a bug in because there is no check for self._channel in
_read_fmt_chunk function.  When I try to open a wav file which channel is zero,
it will crash bacause of divided by zero in initfp function.

================================= Our Analysis =================================

----- Affected Products -----
Python3 up to and including Python 3.6.4 that has not had the patch from
applied is vulnerable to this. At the time of this writing, 3.6.4 is the latest
version of Python3; future versions may or may not be affected.

----- Scope and Impact of this Vulnerability -----
Allows for an attacker to cause a denial of service (application crash) in any
application using the standard Python wave library on an arbitrary file.

----- Fix for this Vulnerability -----
This vulnerability has been fixed by 

================================= Our Solution =================================

We have applied a modified version of the aforementioned patch and rebuilt. Our
modified patch can be found at: