How the CVE Works
The vulnerability lies in the `read` method of the `SparseMatrix` class, which deserializes an `InputStream` into a `SparseMatrix` object. An attacker who controls that stream can exploit the insecure deserialization with a crafted payload, leading to arbitrary code execution or privilege escalation. The root cause is that untrusted data is deserialized without validation, so the attacker steers which objects are instantiated and what code runs while the stream is processed. Applications that pass user-supplied or external streams to `SparseMatrix.read()` are at risk.
DailyCVE Form
Platform: Powsybl
Version: <6.7.2
Vulnerability: Deserialization flaw
Severity: Critical
Date: 2024-03-15
Prediction: Patch by 2024-04-10
What Undercode Says
Check if the vulnerable version is installed:

```shell
mvn dependency:tree | grep "powsybl-math"
```

Exploit PoC (simplified):

```java
InputStream maliciousStream = generateMaliciousPayload(); // attacker-controlled serialized stream
SparseMatrix.read(maliciousStream); // Triggers RCE
```
How the Exploit Works
- Craft a malicious serialized `SparseMatrix`
- Deliver it via a user upload or a network stream
- Trigger deserialization to achieve RCE
Protection from this CVE
- Upgrade to powsybl-math ≥ 6.7.2
- Disable `SparseMatrix.read()`
- Validate input streams
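One way to act on the "validate input streams" and "disable" advice above on a host that cannot remove the call yet, as an added example that is not DailyCVE's or powsybl's own code: a JEP 290 deserialization allowlist that rejects every class outside the matrix package before `SparseMatrix.read()` can instantiate it, and logs each rejection for detection. It assumes `SparseMatrix.read()` is built on `java.io.ObjectInputStream` and that the class lives in `com.powsybl.math.matrix`; the limits and class names are placeholders to tune against a known-good matrix file.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputFilter;            // Java 9+ (backported to 8u121)
import java.io.ObjectInputFilter.Status;
import java.util.logging.Logger;

import com.powsybl.math.matrix.SparseMatrix; // assumed package of SparseMatrix

/**
 * Process-wide deserialization allowlist for a JVM that still calls
 * SparseMatrix.read() on externally supplied streams. Assumes read() uses
 * java.io.ObjectInputStream, which is what the global filter hooks.
 */
public final class SparseMatrixReadGuard {
    private static final Logger LOG = Logger.getLogger(SparseMatrixReadGuard.class.getName());

    // Limits bound resource abuse; class patterns allow only the matrix package and
    // java.lang boxed types, and "!*" rejects every other class name. Primitive
    // arrays (int[], double[]) are matched by component type and stay allowed.
    // Package name and limits are assumptions: widen only to classes that a
    // known-good matrix file is logged as needing.
    private static final String ALLOW_PATTERN =
            "maxdepth=8;maxrefs=10000;maxbytes=67108864;maxarray=10000000;"
            + "com.powsybl.math.matrix.*;java.lang.*;!*";

    /** Installs the filter once at startup (setSerialFilter refuses a second call). */
    public static void install() {
        ObjectInputFilter allow = ObjectInputFilter.Config.createFilter(ALLOW_PATTERN);
        ObjectInputFilter logging = info -> {
            Status status = allow.checkInput(info);
            if (status == Status.REJECTED) {
                // Detection hook: a rejection on a production stream points to a
                // crafted payload rather than a corrupt file.
                LOG.warning(() -> "Rejected deserialization of " + info.serialClass()
                        + " at depth " + info.depth() + " after " + info.streamBytes() + " bytes");
            }
            return status;
        };
        ObjectInputFilter.Config.setSerialFilter(logging);
    }

    /** Refuses to deserialize at all unless the allowlist is active in this JVM. */
    public static SparseMatrix readGuarded(InputStream in) throws IOException {
        if (ObjectInputFilter.Config.getSerialFilter() == null) {
            throw new IllegalStateException("deserialization filter not installed; refusing SparseMatrix.read()");
        }
        return SparseMatrix.read(in);
    }
}
```

Call `SparseMatrixReadGuard.install()` once during startup; the filter is process-wide, so it also constrains every other `ObjectInputStream` in the application and must be tested against them. Upgrading to 6.7.2 remains the fix; this only narrows the blast radius until the upgrade lands.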
Impact
- Remote Code Execution (RCE)
- Privilege escalation
- System compromise
Sources:
Reported By: github.com