Security Bulletin
This security bulletin contains one high-risk vulnerability.
EUVDB-ID: #VU50990
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36242
CWE-ID: CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow when processing certain sequences of update calls to symmetrically encrypt multi-GB values. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected packages python-crcmod, python-cryptography, python-cryptography-vectors to the latest version.
Vulnerable software versions
Public Cloud Module: 15-SP1 - 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP4
SUSE Linux Enterprise Server 15: SP1 - SP4
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP4
SUSE Manager Retail Branch Server: 4.0 - 4.3
SUSE Manager Proxy: 4.0 - 4.3
SUSE Manager Server: 4.0 - 4.3
openSUSE Leap: 15.4
python3-aliyun-python-sdk-emap: before 1.0-150100.3.3.5
python3-aliyun-python-sdk-emas-appmonitor: before 1.2.0-150100.3.3.5
python3-aliyun-python-sdk-sls: before 1.0.8-150100.3.3.4
python3-aliyun-python-sdk-idrsservice: before 3.7.3-150100.3.3.5
python3-aliyun-python-sdk-sgw: before 1.0.0-150100.3.3.4
python3-aliyun-python-sdk-mpaas: before 1.0.0-150100.3.3.5
python3-aliyun-python-sdk-cdrs: before 1.0.9-150100.3.3.5
python3-aliyun-python-sdk-idsp: before 1.4-150100.3.3.5
python3-aliyun-python-sdk-dg: before 1.0.9-150100.3.3.5
python3-aliyun-python-sdk-safconsole: before 1.0.1-150100.3.3.4
python3-aliyun-python-sdk-polardbx: before 20201028-150100.3.3.4
python3-aliyun-python-sdk-servicemesh: before 1.0.5-150100.3.3.4
python3-aliyun-python-sdk-metering: before 1.0.0-150100.3.3.5
python3-aliyun-python-sdk-eais: before 2.0.0-150100.3.3.5
python3-aliyun-python-sdk-ddoscoo: before 1.0.1-150100.3.3.5
python3-aliyun-python-sdk-privatelink: before 1.0.2-150100.3.3.4
python3-aliyun-python-sdk-gdb: before 1.0.0-150100.3.3.5
python3-aliyun-python-sdk-teambition-aliyun: before 1.0.8-150100.3.3.4
python3-aliyun-python-sdk-et-industry-openapi: before 3.6-150100.3.3.5
python3-aliyun-python-sdk-smarthosting: before 1.0.1-150100.3.3.4
python3-aliyun-python-sdk-tdsr: before 0.9.2-150100.3.3.4
python3-aliyun-python-sdk-config: before 1.0.3-150100.3.3.5
python3-aliyun-python-sdk-hitsdb: before 1.0.1-150100.3.3.5
python3-oss2: before 2.14.0-150100.3.3.4
python3-crcmod: before 1.7-150100.3.3.4
python2-crcmod: before 1.7-150100.3.3.4
python3-aliyun-python-sdk-dbs: before 1.0.29-150100.3.7.5
python3-aliyun-python-sdk-jarvis: before 1.2.4-150100.3.7.5
python3-aliyun-python-sdk-resourcemanager: before 1.0.0-150100.3.7.4
python3-aliyun-python-sdk-productcatalog: before 1.0.1-150100.3.7.4
python3-aliyun-python-sdk-ecs: before 4.23.9-150100.3.7.5
python3-aliyun-python-sdk-core: before 2.13.30-150100.3.7.5
python3-aliyun-python-sdk-sas: before 1.1.3-150100.3.7.4
python3-aliyun-python-sdk-rdc: before 1.1-150100.3.7.4
python3-aliyun-python-sdk-democenter: before 1.1.0-150100.3.7.5
python3-aliyun-python-sdk-cloudgame: before 1.0.0-150100.3.7.5
python3-aliyun-python-sdk-companyreg: before 1.0.2-150100.3.7.5
python3-aliyun-python-sdk-cloudauth: before 2.0.26-150100.3.7.5
python3-aliyun-python-sdk-acm: before 1.0.1-150100.3.7.5
python3-aliyun-python-sdk-arms4finance: before 2.0.2-150100.3.7.5
python3-aliyun-python-sdk-faas: before 2.7.11-150100.3.7.5
python3-aliyun-python-sdk-highddos: before 2.1.2-150100.3.7.5
python3-aliyun-python-sdk-green: before 3.6.3-150100.3.7.5
python3-aliyun-python-sdk-imagerecog: before 1.0.13-150100.3.7.5
python3-aliyun-python-sdk-saf: before 3.0.2-150100.3.7.4
python3-aliyun-python-sdk-visionai-poc: before 1.0.1-150100.3.7.4
python3-aliyun-python-sdk-webplus: before 1.0.0-150100.3.7.4
python3-aliyun-python-sdk-videosearch: before 1.1.0-150100.3.7.4
python3-aliyun-python-sdk-schedulerx2: before 1.0.3-150100.3.7.4
python3-aliyun-python-sdk-hiknoengine: before 0.0.2-150100.3.7.5
python3-aliyun-python-sdk-ledgerdb: before 0.7.0-150100.3.7.5
python3-aliyun-python-sdk-videoenhan: before 1.0.7-150100.3.7.4
python3-aliyun-python-sdk-cloudapi: before 4.9.2-150100.3.7.5
python3-aliyun-python-sdk-dybaseapi: before 1.0.6-150100.3.7.5
python3-aliyun-python-sdk-chatbot: before 1.2.1-150100.3.7.5
python3-aliyun-python-sdk-imageaudit: before 1.0.7-150100.3.7.5
python3-aliyun-python-sdk-openanalytics-open: before 2.0.2-150100.3.7.4
python3-aliyun-python-sdk-dypnsapi: before 1.1.3-150100.3.7.5
python3-aliyun-python-sdk-devops-rdc: before 1.9.0-150100.3.7.5
python3-aliyun-python-sdk-imm: before 1.23.0-150100.3.7.5
python3-aliyun-python-sdk-polardb: before 1.8.3-150100.3.7.4
python3-aliyun-python-sdk-pvtz: before 1.0.5-150100.3.7.4
python3-aliyun-python-sdk-drds: before 20201028-150100.3.7.5
python3-aliyun-python-sdk-risk: before 0.0.3-150100.3.7.4
python3-aliyun-python-sdk-iot: before 8.21.1-150100.3.7.5
python3-aliyun-python-sdk-live: before 3.9.5-150100.3.7.5
python3-aliyun-python-sdk-linkedmall: before 1.0.0-150100.3.7.5
python3-aliyun-python-sdk-ccc: before 2.0.4-150100.3.7.5
python3-aliyun-python-sdk-ivpd: before 1.0.6.1-150100.3.7.5
python3-aliyun-python-sdk-cams: before 1.0.3-150100.3.7.5
python3-aliyun-python-sdk-scdn: before 2.2.3-150100.3.7.4
python3-aliyun-python-sdk-linkwan: before 1.0.3-150100.3.7.5
python3-aliyun-python-sdk-hivisengine: before 0.0.2-150100.3.7.5
python3-aliyun-python-sdk-cas: before 20180713_0114-150100.3.7.5
python3-aliyun-python-sdk-hbase: before 2.9.2-150100.3.7.5
python3-aliyun-python-sdk-uis: before 1.0.1-150100.3.7.4
python3-aliyun-python-sdk-mts: before 2.7.6-150100.3.7.5
python3-aliyun-python-sdk-ivision: before 1.2.0-150100.3.7.5
python3-aliyun-python-sdk-dms-enterprise: before 1.12.0-150100.3.7.5
python3-aliyun-python-sdk-multimediaai: before 1.1.3-150100.3.7.5
python3-aliyun-python-sdk-sts: before 3.0.2-150100.3.7.4
python3-aliyun-python-sdk-adb: before 1.0.5-150100.3.7.5
python3-aliyun-python-sdk-rds: before 2.5.8-150100.3.7.4
python3-aliyun-python-sdk-cs: before 4.8.1-150100.3.7.5
python3-aliyun-python-sdk-ots: before 4.0.1-150100.3.7.4
python3-aliyun-python-sdk-openanalytics: before 1.0.1-150100.3.7.4
python3-aliyun-python-sdk-teslastream: before 1.0.1-150100.3.7.4
python3-aliyun-python-sdk-nas: before 3.10.0-150100.3.7.5
python3-aliyun-python-sdk-xtrace: before 0.2.2-150100.3.7.4
python3-aliyun-python-sdk-vs: before 1.10.2-150100.3.7.4
python3-aliyun-python-sdk-quickbi-public: before 1.4.0-150100.3.7.4
python3-aliyun-python-sdk-oos: before 1.4.0-150100.3.7.4
python3-aliyun-python-sdk-codeup: before 0.0.8-150100.3.7.5
python3-aliyun-python-sdk-ehpc: before 1.14.1-150100.3.7.5
python3-aliyun-python-sdk-ossadmin: before 0.0.3-150100.3.7.4
python3-aliyun-python-sdk-snsuapi: before 1.7.1-150100.3.7.4
python3-aliyun-python-sdk-acms-open: before 1.0.0-150100.3.7.5
python3-aliyun-python-sdk-visionai: before 1.0.1-150100.3.7.4
python3-aliyun-python-sdk-brinekingdom: before 1.0.1-150100.3.7.5
python3-aliyun-python-sdk-domain: before 3.14.4-150100.3.7.5
python3-aliyun-python-sdk-lubancloud: before 1.0.1-150100.3.7.5
python3-aliyun-python-sdk-ess: before 2.3.3-150100.3.7.5
python3-aliyun-python-sdk-eci: before 1.1.3-150100.3.7.5
python3-aliyun-python-sdk-dcdn: before 2.1.2-150100.3.7.5
python3-aliyun-python-sdk-ccs: before 1.0.1-150100.3.7.5
python3-aliyun-python-sdk-dds: before 3.5.0-150100.3.7.5
python3-aliyun-python-sdk-baas: before 1.0.1-150100.3.7.5
python3-aliyun-python-sdk-gts-phd: before 1-150100.3.7.5
python3-aliyun-python-sdk-cassandra: before 1.0.6-150100.3.7.5
python3-aliyun-python-sdk-das: before 1.0.5-150100.3.7.5
python3-aliyun-python-sdk-sas-api: before 2.1.1-150100.3.7.4
python3-aliyun-python-sdk-ram: before 3.2.0-150100.3.7.4
python3-aliyun-python-sdk-ens: before 1.3.3-150100.3.7.5
python3-aliyun-python-sdk-viapiutils: before 1.0-150100.3.7.4
python3-aliyun-python-sdk-imageseg: before 1.1.8-150100.3.7.5
python3-aliyun-python-sdk-ons: before 3.1.6-150100.3.7.4
python3-aliyun-python-sdk-ft: before 5.6.7-150100.3.7.5
python3-aliyun-python-sdk-cspro: before 1.3.9-150100.3.7.5
python3-aliyun-python-sdk-arms: before 2.5.22-150100.3.7.5
python3-aliyun-python-sdk-httpdns: before 2.1.1-150100.3.7.5
python3-aliyun-python-sdk-bssopenapi: before 1.6.2-150100.3.7.5
python3-aliyun-python-sdk-tesladam: before 1.0.2-150100.3.7.4
python3-aliyun-python-sdk-hpc: before 2.0.3-150100.3.7.5
python3-aliyun-python-sdk-alidns: before 2.6.20-150100.3.7.5
python3-aliyun-python-sdk-cloudmarketing: before 2.7.16-150100.3.7.5
python3-aliyun-python-sdk-unimkt: before 1.0.24-150100.3.7.4
python3-aliyun-python-sdk-videoseg: before 1.0.3-150100.3.7.4
python3-aliyun-python-sdk-aas: before 2.1.1-150100.3.5.5
python3-aliyun-python-sdk-alimt: before 3.0.30-150100.3.7.5
python3-aliyun-python-sdk-xspace: before 1.2.1-150100.3.7.4
python3-aliyun-python-sdk-dysmsapi: before 2.1.1-150100.3.7.5
python3-aliyun-python-sdk-domain-intl: before 1.6.0-150100.3.7.5
python3-aliyun-python-sdk-ubsms: before 2.0.5-150100.3.7.4
python3-aliyun-python-sdk-ocs: before 0.0.4-150100.3.7.4
python3-aliyun-python-sdk-ros: before 3.6.0-150100.3.7.4
python3-aliyun-python-sdk-workorder: before 3.0.0-150100.3.7.4
python3-aliyun-python-sdk-bss: before 0.0.4-150100.3.7.5
python3-aliyun-python-sdk-imagesearch: before 2.0.0-150100.3.7.5
python3-aliyun-python-sdk-emr: before 3.3.2-150100.3.7.5
python3-aliyun-python-sdk-csb: before 1.2.9-150100.3.7.5
python3-aliyun-python-sdk-cloudesl: before 2.0.4-150100.3.7.5
python3-aliyun-python-sdk-petadata: before 1.2.1-150100.3.7.4
python3-aliyun-python-sdk-actiontrail: before 2.0.3-150100.3.7.5
python3-aliyun-python-sdk-oms: before 0.0.3-150100.3.7.4
python3-aliyun-python-sdk-clickhouse: before 2.0.0-150100.3.7.5
python3-aliyun-python-sdk-geoip: before 1.0.3-150100.3.7.5
python3-aliyun-python-sdk-cloudphoto: before 1.1.19-150100.3.7.5
python3-aliyun-python-sdk-vod: before 2.15.12-150100.3.7.4
python3-aliyun-python-sdk-welfare-inner: before 1.1.0-150100.3.7.4
python3-aliyun-python-sdk-foas: before 2.3.3-150100.3.7.5
python3-aliyun-python-sdk-imgsearch: before 1.1.6-150100.3.7.5
python3-aliyun-python-sdk-aliyuncvc: before 1.0.10.2-150100.3.7.5
python3-aliyun-python-sdk-cusanalytic_sc_online: before 1.0.2-150100.3.7.5
python3-aliyun-python-sdk-opensearch: before 0.9.0-150100.3.7.4
python3-aliyun-python-sdk-yundun-ds: before 1.0.0-150100.3.7.4
python3-aliyun-python-sdk-cloudwf: before 1.0.3-150100.3.7.5
python3-aliyun-python-sdk-address-purification: before 1.0.0-150100.3.7.5
python3-aliyun-python-sdk-videorecog: before 1.0.2-150100.3.7.4
python3-aliyun-python-sdk-airec: before 2.0.0-150100.3.7.5
python3-aliyun-python-sdk-afs: before 1.0.1-150100.3.7.5
python3-aliyun-python-sdk-mopen: before 1.1.1-150100.3.7.5
python3-aliyun-python-sdk-dyvmsapi: before 3.0.2-150100.3.7.5
python3-aliyun-python-sdk-nlp-automl: before 0.0.9-150100.3.7.5
python3-aliyun-python-sdk-sddp: before 1.0.1-150100.3.7.4
python3-aliyun-python-sdk-sae: before 1.5.0.0-150100.3.7.4
python3-aliyun-python-sdk-trademark: before 1.2.1-150100.3.7.4
python3-aliyun-python-sdk-iqa: before 1.0.0-150100.3.7.5
python3-aliyun-python-sdk-fnf: before 1.8.0-150100.3.7.5
python3-aliyun-python-sdk-paistudio: before 1.0.0-150100.3.7.4
python3-aliyun-python-sdk-status: before 3.7-150100.3.7.4
python3-aliyun-python-sdk-retailcloud: before 2.0.12-150100.3.7.4
python3-aliyun-python-sdk-eas: before 0.0.3-150100.3.7.5
python3-aliyun-python-sdk-hbr: before 0.0.2-150100.3.7.5
python3-aliyun-python-sdk-ocr: before 1.0.9-150100.3.7.4
python3-aliyun-python-sdk-objectdet: before 1.0.10-150100.3.7.4
python3-aliyun-python-sdk-r-kvstore: before 2.13.0-150100.3.7.4
python3-aliyun-python-sdk-jaq: before 2.0.7-150100.3.7.5
python3-aliyun-python-sdk-tag: before 1.0.1-150100.3.7.4
python3-aliyun-python-sdk-gpdb: before 1.0.5-150100.3.7.5
python3-aliyun-python-sdk-aligreen-console: before 1.0.3-150100.3.7.5
python3-aliyun-python-sdk-edas: before 3.15.2-150100.3.7.5
python3-aliyun-python-sdk-nls-cloud-meta: before 1.0.1-150100.3.7.5
python3-aliyun-python-sdk-cr: before 4.1.2-150100.3.7.5
python3-aliyun-python-sdk-vcs: before 2.0.4-150100.3.7.4
python3-aliyun-python-sdk-dts: before 5.1.9-150100.3.7.5
python3-aliyun-python-sdk-smc: before 1.0.2-150100.3.7.4
python3-aliyun-python-sdk-imageenhan: before 1.1.2-150100.3.7.5
python3-aliyun-python-sdk-vpc: before 3.0.12-150100.3.7.4
python3-aliyun-python-sdk-waf-openapi: before 1.1.4-150100.3.7.4
python3-aliyun-python-sdk-appmallsservice: before 1.1.1-150100.3.7.5
python3-aliyun-python-sdk-elasticsearch: before 3.0.20-150100.3.7.5
python3-aliyun-python-sdk-outboundbot: before 1.0.5-150100.3.7.4
python3-aliyun-python-sdk-crm: before 2.2.1-150100.3.7.5
python3-aliyun-python-sdk-qualitycheck: before 3.0.9-150100.3.7.4
python3-aliyun-python-sdk-industry-brain: before 5.0.52-150100.3.7.5
python3-aliyun-python-sdk-dyplsapi: before 1.3.0-150100.3.7.5
python3-aliyun-python-sdk: before 1.0.0-150100.3.7.4
python3-aliyun-python-sdk-cms: before 7.0.18-150100.3.7.5
python3-aliyun-python-sdk-imageprocess: before 1.0.10-150100.3.7.5
python3-aliyun-python-sdk-onsmqtt: before 1.0.5-150100.3.7.4
python3-aliyun-python-sdk-market: before 2.0.24-150100.3.7.5
python3-aliyun-python-sdk-hsm: before 1.0.1-150100.3.7.5
python3-aliyun-python-sdk-reid: before 1.1.8.5-150100.3.7.4
python3-aliyun-python-sdk-pts: before 2.1.0-150100.3.7.4
python3-aliyun-python-sdk-goodstech: before 1.0.2-150100.3.7.5
python3-aliyun-python-sdk-cbn: before 1.0.7-150100.3.7.5
python3-aliyun-python-sdk-amqp-open: before 1.1.1-150100.3.5.5
python3-aliyun-python-sdk-smartag: before 1.5.4-150100.3.7.4
python3-aliyun-python-sdk-slb: before 3.3.3-150100.3.7.4
python3-aliyun-python-sdk-aegis: before 1.0.6-150100.3.7.5
python3-aliyun-python-sdk-jarvis-public: before 1.0.1-150100.3.7.5
python3-aliyun-python-sdk-alinlp: before 1.0.16-150100.3.7.5
python3-aliyun-python-sdk-cdn: before 3.6.1-150100.3.7.5
python3-aliyun-python-sdk-dbfs: before 1.0.2-150100.3.7.5
python3-aliyun-python-sdk-dataworks-public: before 3.2.6-150100.3.7.5
python3-aliyun-python-sdk-facebody: before 1.2.15-150100.3.7.5
python3-aliyun-python-sdk-teslamaxcompute: before 1.5.5-150100.3.7.4
python3-aliyun-python-sdk-rtc: before 1.2.5-150100.3.7.4
python3-aliyun-python-sdk-kms: before 2.14.0-150100.3.7.5
python3-aliyun-python-sdk-voicenavigator: before 1.1.1-150100.3.7.4
python3-aliyun-python-sdk-push: before 3.13.6-150100.3.7.4
python3-aliyun-python-sdk-yundun: before 2.1.4-150100.3.7.4
python3-aliyun-python-sdk-netana: before 1.0.0-150100.3.7.5
python3-aliyun-python-sdk-linkface: before 1.2.0-150100.3.7.5
External links
http://www.suse.com/support/update/announcement/2023/suse-su-20231838-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.