UBUNTU-CVE-2024-27758
- Source
- https://ubuntu.com/security/CVE-2024-27758
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-27758.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-27758
- Related
- Published
- 2024-03-12T16:15:00Z
- Modified
- 2025-06-02T17:26:02Z
- Severity
-
- 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named array for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.
- References
-
- https://ubuntu.com/security/CVE-2024-27758
- https://github.com/tomerfiliba-org/rpyc/security/advisories/GHSA-h5cg-53g7-gqjw
- https://github.com/tomerfiliba-org/rpyc/issues/551
- https://github.com/tomerfiliba-org/rpyc/commit/bba1d3562e6f9f1256ec64048cc23001c0bb7516
- https://gist.github.com/renbou/957f70d27470982994f12a1d70153d09
- https://www.cve.org/CVERecord?id=CVE-2024-27758
Affected packages
Ubuntu:Pro:18.04:LTS / rpyc
Package
- Name
- rpyc
- Purl
- pkg:deb/ubuntu/rpyc@3.4.4-1?arch=source&distro=esm-apps/bionic
Ubuntu:22.04:LTS / rpyc
Package
- Name
- rpyc
- Purl
- pkg:deb/ubuntu/rpyc@5.0.1-3?arch=source&distro=jammy
Ubuntu:24.10 / rpyc
Package
- Name
- rpyc
- Purl
- pkg:deb/ubuntu/rpyc@6.0.0-1?arch=source&distro=oracular
Ubuntu:24.04:LTS / rpyc
Package
- Name
- rpyc
- Purl
- pkg:deb/ubuntu/rpyc@5.3.1-1?arch=source&distro=noble