CVE-2024-27758 — Missing Authentication for Critical Function in Rpyc

CWE-306 — Missing Authentication for Critical Function CWE-358 — Improperly Implemented Security Check for Standard CWE-913 — Improper Control of Dynamically-Managed Code Resources CWE-502 — Deserialization of Untrusted Data6 documents5 sources

Severity

8.4HIGHNVD

EPSS

3.6%

top 12.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Rpyc

Timeline

PublishedMar 12

Description

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages1 packages

▶debiandebian/rpyc< rpyc 6.0.0-1 (forky)

🔴Vulnerability Details

OSV

CVE-2024-27758: In RPyC before 6↗2024-03-12

▶

OSV

RPyC's missing security check results in code execution when using numpy.array on the server-side.↗2024-03-06

▶

GHSA

RPyC's missing security check results in code execution when using numpy.array on the server-side.↗2024-03-06

▶

📋Vendor Advisories

Red Hat

python-rpyc: Remote attacker can craft a class, resulting in remote code execution↗2024-03-12

▶

Debian

CVE-2024-27758: rpyc - In RPyC before 6.0.0, when a server exposes a method that calls the attribute na...↗2024

▶