CVE-2023-24816

NameCVE-2023-24816
DescriptionIPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ipython (PTS)jessie, jessie (lts)2.3.0-2+deb8u1fixed
stretch (security), stretch (lts), stretch5.1.0-3+deb9u1fixed
buster (security), buster, buster (lts)5.8.0-1+deb10u1fixed
bullseye (security), bullseye7.20.0-1+deb11u1fixed
bookworm8.5.0-4fixed
sid, trixie8.29.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ipythonsource(unstable)(not affected)

Notes

- ipython <not-affected> (Windows-specific)
https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7
https://github.com/ipython/ipython/commit/991849c247fc208628879e7ca2923b3c218a5a75 (8.10.0)

Search for package or bug name: Reporting problems