CVE-2019-6446
Arbitrary Code Execution vulnerability in numpy (PyPI)
What is CVE-2019-6446 About?
This Arbitrary Code Execution vulnerability in NumPy versions 1.16.0 and earlier arises from unsafe use of the `pickle` Python module. It allows remote attackers to execute arbitrary code by getting an application to load a crafted serialized object. Although some parties dispute it, describing the behavior as a feature, it presents a significant security risk when processing untrusted input.
Affected Software
- numpy
  - <=1.16.0
  - <1.16.1
Technical Details
The vulnerability in NumPy 1.16.0 and earlier stems from its use of the Python `pickle` module for serialization and deserialization, specifically when functions like `numpy.load()` are used. The `pickle` module, by design, can deserialize arbitrary Python objects, including ones that trigger code execution (for example, objects whose `__reduce__` method returns a callable and arguments that `pickle` invokes during loading). If a remote attacker provides a specially crafted serialized NumPy object (a 'pickle payload'), and the vulnerable application loads it with `numpy.load()` or a similar deserialization function without proper validation, the attacker's embedded code is executed in the context of the application. This is a common deserialization vulnerability, in which a trusted deserializer runs attacker-controlled code while reconstructing objects.
What is the Impact of CVE-2019-6446?
Successful exploitation may allow attackers to execute arbitrary code on the affected system, leading to full system compromise, data theft, and further network penetration.
What is the Exploitability of CVE-2019-6446?
Exploitation of this vulnerability has moderate complexity. It requires the attacker to be able to provide a crafted serialized object (a 'pickle payload') to the vulnerable application, which then attempts to deserialize and load it using NumPy's functions. No specific authentication or privileges are typically required for the initial payload delivery, assuming the application processes untrusted serialized input. This is often a remote exploitation scenario, where the attacker sends a malicious file or data stream over a network connection. Prerequisite conditions include the application's reliance on numpy.load() or similar functions to process external, untrusted data. Risk factors increasing exploitation likelihood include applications that accept user-uploaded NumPy data structures or models, or systems where serialized objects might be exchanged without integrity checks, allowing an attacker to inject a malicious pickle payload. The dispute regarding this behavior highlights a key constraint: the system must be processing untrusted serialized objects for this to be a vulnerability, as pickle is inherently insecure with untrusted input.
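A pre-load check for the untrusted-input case described above, as an added example that is not part of the original advisory or NumPy's own code: it reads only the `.npy` header and reports whether the loader would have to use `pickle`, without deserializing anything. `inspect_npy` and `make_npy` are hypothetical names, and the sample inputs are constructed.

```python
import ast
import struct

NPY_MAGIC = b"\x93NUMPY"      # first six bytes of every .npy file
ZIP_MAGIC = b"PK\x03\x04"     # .npz is a zip archive of .npy members

def _has_object(descr):
    """True if a header 'descr' value names the object dtype 'O' anywhere."""
    if isinstance(descr, str):
        return descr.lstrip("|<>=").startswith("O")
    # Structured dtype: list of (name, format[, shape]) tuples, possibly nested.
    return any(_has_object(field[1]) for field in descr)

def inspect_npy(data: bytes) -> str:
    """Classify bytes before they reach numpy.load(), without unpickling anything.

    Returns 'plain' (raw array data only), 'needs-pickle' (the loader would
    have to unpickle), 'archive' (.npz; inspect each member) or 'malformed'.
    """
    if data.startswith(ZIP_MAGIC):
        return "archive"
    if not data.startswith(NPY_MAGIC):
        return "needs-pickle"   # no .npy magic: the loader's only option is pickle
    try:
        major = data[6]
        if major not in (1, 2, 3):
            return "malformed"
        # Header length is 2 bytes in format 1.0 and 4 bytes in 2.0/3.0.
        fmt, start = ("<H", 10) if major == 1 else ("<I", 12)
        (hlen,) = struct.unpack_from(fmt, data, 8)
        # The header is a Python dict literal; literal_eval never runs code.
        header = ast.literal_eval(data[start:start + hlen].decode("utf-8"))
        return "needs-pickle" if _has_object(header["descr"]) else "plain"
    except (IndexError, KeyError, TypeError, ValueError, SyntaxError,
            RecursionError, struct.error):
        return "malformed"

def make_npy(descr, shape=(2,)) -> bytes:
    """Build a constructed version-1.0 .npy header (sample input, no array data)."""
    header = repr({"descr": descr, "fortran_order": False, "shape": shape}) + "\n"
    return NPY_MAGIC + b"\x01\x00" + struct.pack("<H", len(header)) + header.encode()

if __name__ == "__main__":
    for name, blob in [("float64", make_npy("<f8")), ("object", make_npy("|O")),
                       ("record", make_npy([("id", "<i4"), ("obj", "|O")])),
                       ("raw pickle", b"\x80\x04N.")]:   # constructed samples
        print(f"{name:10} -> {inspect_npy(blob)}")
```

For data from untrusted sources, reject every result other than `plain`, and also pass `allow_pickle=False` to `numpy.load()` so the loader itself refuses to unpickle.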
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| RayScri | Link | Numpy deserialization command execution |
What are the Available Fixes for CVE-2019-6446?
Available Upgrade Options
- numpy
  - <1.16.1 → Upgrade to 1.16.1
Additional Resources
- https://bugzilla.suse.com/show_bug.cgi?id=1122208
- https://github.com/numpy/numpy
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4
- https://osv.dev/vulnerability/PYSEC-2019-108
- http://www.securityfocus.com/bid/106670
- https://web.archive.org/web/20210124234613/https://www.securityfocus.com/bid/106670
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html
What are Similar Vulnerabilities to CVE-2019-6446?
Similar Vulnerabilities: CVE-2023-46736, CVE-2022-21724, CVE-2021-3255, CVE-2020-13768, CVE-2019-12386
