CVE-2024-39705
Published 2024-06-27
CVE-2024-39705: NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used…
Priority: P258 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.35% (67.9th percentile)
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nltk | < nltk 3.9.1-1 (forky) | nltk 3.9.1-1 (forky) |
| nltk | nltk | >= 0 < 3.9.1-1 | 3.9.1-1 |
| nltk | nltk | >= 0 < 3.9.1-1 | 3.9.1-1 |
| nltk | nltk | >= 0 < 3.9 | 3.9 |
Detection & IOCs (extracted from sources)
- The remote code execution vector is NLTK's integrated data package download functionality loading pickled Python code from untrusted packages. Monitor for nltk.download() calls that fetch packages such as 'averaged_perceptron_tagger' or 'punkt' from non-official or tampered sources.
- Flag use of NLTK versions up to and including 3.8.1 in environments where nltk.download() is invoked, as these are vulnerable to RCE via malicious pickled data packages.
- The vulnerability is only exploitable when the integrated NLTK data package download functionality is used AND the downloaded packages originate from, or have been tampered with by, an untrusted source. Air-gapped or strictly controlled package mirrors reduce exposure.
- Debian bookworm and bullseye remain open/unpatched as of the tracker; only forky, sid, and trixie have resolved the issue with NLTK 3.9.1-1.
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- osv · 9.8 CRITICAL
- vendor_debian · 9.8 CRITICAL
GHSA · 2024-06-28 · HIGH · CWE-300: ntlk unsafe deserialization vulnerability
OSV · 2024-06-28 · HIGH: ntlk unsafe deserialization vulnerability
OSV · 2024-06-27 · CVSS 9.8 CRITICAL: CVE-2024-39705: NLTK through 3
Debian · 2024 · CVSS 9.8 CRITICAL: CVE-2024-39705: nltk - NLTK through 3.8.1 allows remote code execution if untrusted packages have pickl...
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 3.9.1-1)
sid: resolved (fixed in 3.9.1-1)
trixie: resolved (fixed in 3.9.1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/nltk/nltk/issues/2522
- https://github.com/nltk/nltk/issues/3266
- https://www.vicarius.io/vsociety/posts/rce-in-python-nltk-cve-2024-39705-39706
Published: 2024-06-27