PyArrow Unsafe Deserialization β CVE-2023-47248 PoC
WARNING: MALICIOUS FILE β SECURITY RESEARCH ONLY
Vulnerability
File: python/pyarrow/types.pxi
Function: PyExtensionType autoload
CVE: CVE-2023-47248
Description
PyArrow 0.14.0 through 14.0.0 has py_extension_type_auto_load = True by
default. When reading IPC/Parquet/Feather files, __arrow_ext_deserialize__
calls pickle.loads() on untrusted extension metadata, enabling RCE.
# Vulnerable path when reading IPC/Parquet files
__arrow_ext_deserialize__(self, serialized):
return pickle.loads(serialized) # RCE!
Impact
- Severity: Critical (CVSS 9.8)
- Attack Vector: Victim reads malicious .arrow/.feather file β RCE
- Fix: PyArrow 14.0.1+ sets
py_extension_type_auto_load = False
Reproduction
import pyarrow.ipc as ipc
reader = ipc.open_file("malicious_pyarrow.arrow")
table = reader.read_all() # RCE triggered
References
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support