CVE-2023-31039

08.05.2023, 09:15

Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file.
An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process.

Solution:
1. upgrade to bRPC >= 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/
2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2218 https://github.com/apache/brpc/pull/2218

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
apache	brpc	0.9.0 ≤ 𝑥 < 1.5.0

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
apache	brpc	0.9.0 ≤ 𝑥 < 1.5.0	ADP

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://www.openwall.com/lists/oss-security/2023/05/08/1

https://lists.apache.org/thread/jqpttrqbc38yhckgp67xk399hqxnz7jn

http://www.openwall.com/lists/oss-security/2023/05/08/1

https://lists.apache.org/thread/jqpttrqbc38yhckgp67xk399hqxnz7jn