Python CPython Base64 Module Altchars Vulnerability

Vulnerability

A vulnerability exists in the base64 module of Python's CPython implementation, specifically in the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions. When using the altchars parameter to define an alternative base64 alphabet, these functions still accept the standard base64 characters '+' and '/', regardless of the specified alternative. This behavior, which aligns with older base64 RFCs, can lead to data integrity issues, as newer RFCs recommend either removing characters not in the specified alphabet or raising an error. The vulnerability is only a concern if an application uses an alternative base64 alphabet that excludes '+' and '/'.

Impact

This vulnerability can cause data integrity problems by allowing standard base64 characters to be accepted in alternative alphabets, potentially leading to incorrect data decoding.

Reproduction

The vulnerability can be reproduced by calling the base64.b64decode() function with a string that includes '+' or '/' characters, while specifying an altchars parameter that does not include these characters. The function will incorrectly accept the standard characters, contrary to the expected behavior when an alternative alphabet is provided.

Remediation

Users are advised to manually check that inputs to the base64 decoding functions conform to the expected base64 alphabet, especially when using alternative alphabets. In Python 3.15 and later, the base64.b64decode() function will reject invalid characters by default, but this change is not yet in effect for urlsafe_b64decode().
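The permissive behaviour described under Reproduction, and the manual alphabet check recommended above, as an added example (not code from CPython or from this advisory): strict_b64decode and compare are hypothetical helper names, and the sample inputs are constructed.

```python
import base64
import re
from binascii import Error as Base64Error

_BASE = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"


def strict_b64decode(data: bytes, altchars: bytes) -> bytes:
    """Hypothetical hardened wrapper: decode with an alternative alphabet,
    rejecting any byte outside that alphabet (plus up to two '=' padding bytes).

    CPython's b64decode() translates altchars to '+/' before decoding, so the
    standard '+' and '/' survive even with validate=True; the check here runs
    on the untranslated input, where they are still visible."""
    if len(altchars) != 2:
        raise ValueError("altchars must be exactly two bytes")
    alphabet = _BASE + bytes(altchars)
    pattern = re.compile(b"^[" + re.escape(alphabet) + b"]*={0,2}$")
    if not pattern.match(data):
        raise Base64Error("input contains bytes outside the expected alphabet")
    return base64.b64decode(data, altchars=altchars, validate=True)


def compare(data: bytes, altchars: bytes) -> dict:
    """Decode the same input with CPython's b64decode() and with the strict
    wrapper. Each value is the decoded bytes, or None if that decoder rejected
    the input. Constructed for this note to show the difference side by side."""
    decoders = {
        "cpython": lambda d: base64.b64decode(d, altchars=altchars),
        "strict": lambda d: strict_b64decode(d, altchars),
    }
    result = {}
    for name, decode in decoders.items():
        try:
            result[name] = decode(data)
        except ValueError:  # binascii.Error is a subclass of ValueError
            result[name] = None
    return result


if __name__ == "__main__":
    # Constructed sample: b"\xfb\xff\xbf" encodes to b"+/+/" in the standard
    # alphabet and to b"-_-_" in the URL-safe one (altchars=b"-_").
    for sample in (b"-_-_", b"+/+/"):
        print(sample, compare(sample, b"-_"))
```

With altchars=b"-_" the wrapper accepts b"-_-_" and rejects b"+/+/", whereas CPython's b64decode() decodes both to the same bytes.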

Added: Jan 21, 2026, 8:28 PM
Updated: Jan 21, 2026, 8:28 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.4
remediation: 0.0
relevance: 2.3
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.