UBUNTU-CVE-2023-24816

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2023-24816
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-24816.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-24816
Related
Published
2023-02-10T20:15:00Z
Modified
2024-12-18T16:35:45Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function IPython.utils.terminal.set_term_title be called on Windows in a Python environment where ctypes is not available. The dependency on ctypes in IPython.utils._process_win32 prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool set_term_title could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the IPython.utils.terminal.set_term_title function are done with trusted or filtered input.

References

Affected packages

Ubuntu:Pro:14.04:LTS / ipython

Package

Name
ipython
Purl
pkg:deb/ubuntu/ipython?arch=src?distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.13.2-2

1.*

1.1.0-1
1.2.0~rc1-1
1.2.1-2
1.2.1-2ubuntu0.1~esm1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / ipython

Package

Name
ipython
Purl
pkg:deb/ubuntu/ipython?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.0-2ubuntu1
2.3.0-2ubuntu2
2.4.1-1
2.4.1-1ubuntu0.1~esm2

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / ipython

Package

Name
ipython
Purl
pkg:deb/ubuntu/ipython?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.1.0-3
5.5.0-1
5.5.0-1ubuntu0.1~esm1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / ipython

Package

Name
ipython
Purl
pkg:deb/ubuntu/ipython?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.8.0-1
5.8.0-1build1
5.8.0-2

7.*

7.12.0-1
7.13.0-1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / ipython

Package

Name
ipython
Purl
pkg:deb/ubuntu/ipython?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.20.0-1
7.22.0-1
7.27.0-1
7.31.0-1
7.31.1-1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / ipython

Package

Name
ipython
Purl
pkg:deb/ubuntu/ipython?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.20.0-1
8.20.0-1ubuntu1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / ipython

Package

Name
ipython
Purl
pkg:deb/ubuntu/ipython?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.14.0-2
8.20.0-1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}