Upstream information

CVE-2024-27758 at MITRE

Description

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1221331 [IN_PROGRESS]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP5
  • python3-rpyc >= 4.1.5-bp155.3.3.1
Patchnames:
openSUSE-2024-82
openSUSE Leap 15.5
  • python3-rpyc >= 4.1.5-bp155.3.3.1
Patchnames:
openSUSE-2024-82
openSUSE Tumbleweed
  • python310-rpyc >= 6.0.0-1.1
  • python311-rpyc >= 6.0.0-1.1
  • python312-rpyc >= 6.0.0-1.1
  • python39-rpyc >= 6.0.0-1.1
Patchnames:
openSUSE-Tumbleweed-2024-13768


SUSE Timeline for this CVE

CVE page created: Tue Mar 12 19:00:19 2024
CVE page last modified: Fri Sep 27 16:52:48 2024