SentinelOne
CVE Vulnerability Database

CVE-2023-24816: IPython Command Injection RCE Vulnerability

CVE-2023-24816 is a command injection RCE vulnerability in IPython affecting versions prior to 8.1.0 on Windows systems. Attackers can inject shell commands through untrusted input. This article covers technical details, affected versions, impact, and mitigation steps.


CVE-2023-24816 Overview

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function IPython.utils.terminal.set_term_title be called on Windows in a Python environment where ctypes is not available.

The dependency on ctypes in IPython.utils._process_win32 prevents the vulnerable code from ever being reached in the ipython binary. However, because IPython is also a library that other tools can import, set_term_title could be called by such a tool and hence introduce a vulnerability. If an attacker can get untrusted input into this function, they can inject shell commands that run as the current process, limited to that process's privileges.

Critical Impact

Command injection vulnerability in IPython library allows attackers to execute arbitrary shell commands when untrusted input reaches the set_term_title function on Windows systems without ctypes available.

Affected Products

  • IPython versions prior to 8.1.0
  • Microsoft Windows operating systems
  • Applications using IPython as a library that call set_term_title with untrusted input

Discovery Timeline

  • 2023-02-10 - CVE-2023-24816 published to NVD
  • 2024-11-21 - Last updated in NVD database

Technical Details for CVE-2023-24816

Vulnerability Analysis

This command injection vulnerability (CWE-78) with improper input validation (CWE-20) exists in the terminal title-setting functionality of IPython on Windows platforms. The vulnerability arises from a fallback code path that becomes active when the ctypes module is unavailable.

When ctypes is not available, the code falls back to using os.system("title " + title) to set the terminal title. This direct concatenation of user input with a shell command creates a classic command injection vector. An attacker who can control the title parameter can append shell metacharacters and additional commands that will be executed with the privileges of the running process.

The attack complexity is high because exploitation requires a specific environment where ctypes is unavailable, which is not the typical Python installation on Windows.

Root Cause

The root cause is improper input validation in the fallback code path of the _set_term_title function in IPython/utils/terminal.py. When ctypes cannot be imported, the code uses direct shell command execution via os.system() with unsanitized user input. This violates secure coding principles by trusting external input in a security-sensitive operation.

The vulnerable pattern was:

```python
# Fallback path taken when ctypes cannot be imported: the title is
# concatenated straight into a cmd.exe command line.
os.system("title " + title)
```

This allows shell metacharacters in the title parameter to break out of the intended command and execute arbitrary commands.
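As an added illustration (written for this page, not IPython's own code and not part of the original advisory), the Python below shows the input check a library caller would put in front of any title-setting routine, and a setter that never hands the title to a shell: the Win32 SetConsoleTitleW call on Windows, and an xterm OSC escape sequence elsewhere. The metacharacter list, the function names and the return values are this example's own choices.

```python
import re
import sys

# cmd.exe characters that let an argument escape from "title <x>": the
# separators the advisory names (& and |) plus the other usual suspects.
# This list is an example choice; rejecting is deliberately stricter than
# what the "title" builtin strictly needs.
_CMD_METACHARS = re.compile(r'[&|;^<>()\r\n"%!]')


def is_safe_title(title: str) -> bool:
    """True when the title carries no cmd.exe metacharacters.

    This is the validation layer a caller must add if any shell-based
    fallback can ever be reached; it checks the data, not the command.
    """
    return isinstance(title, str) and _CMD_METACHARS.search(title) is None


def render_xterm_title(title: str) -> str:
    """OSC 0 escape that sets the window title on xterm-compatible terminals.

    The title is written to the terminal as data, so metacharacters cannot
    execute anything.
    """
    return "\033]0;" + title + "\a"


def set_term_title(title: str, stream=None) -> str:
    """Set the terminal title without ever building a shell command line.

    Returns the mechanism used ("win32-api" or "xterm-escape") so callers
    can verify which path ran.
    """
    if not is_safe_title(title):
        raise ValueError("refusing unsafe terminal title: %r" % (title,))
    if sys.platform == "win32":
        # Hardened Windows path (the same API the patched IPython uses):
        # the title is passed as one wide string, never parsed by cmd.exe.
        import ctypes
        SetConsoleTitleW = ctypes.windll.kernel32.SetConsoleTitleW
        SetConsoleTitleW.argtypes = [ctypes.c_wchar_p]
        SetConsoleTitleW(title)
        return "win32-api"
    out = stream if stream is not None else sys.stdout
    out.write(render_xterm_title(title))
    out.flush()
    return "xterm-escape"


if __name__ == "__main__":
    print(set_term_title("My Notebook - session 1"))
    try:
        set_term_title("test & whoami")
    except ValueError as exc:
        print("rejected:", exc)
```

The check runs before either platform branch, so even a caller that later re-introduces a shell fallback cannot reach it with a title containing a separator.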

Attack Vector

The attack requires local access and specific conditions: the attacker must be able to provide input to the set_term_title function on a Windows system where ctypes is not available. An attacker could then inject shell commands by supplying a title string that contains a command separator such as & or | followed by the command to run.

For example, an input like test & whoami would execute both the title command and the injected whoami command.

The security patch removes the vulnerable fallback code path entirely, making ctypes a hard requirement:

python
# Security patch in IPython/utils/terminal.py
# Source: https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f

         _set_term_title = _set_term_title_xterm
         _restore_term_title = _restore_term_title_xterm
 elif sys.platform == 'win32':
-    try:
-        import ctypes
-
-        SetConsoleTitleW = ctypes.windll.kernel32.SetConsoleTitleW
-        SetConsoleTitleW.argtypes = [ctypes.c_wchar_p]
-    
-        def _set_term_title(title):
-            """Set terminal title using ctypes to access the Win32 APIs."""
-            SetConsoleTitleW(title)
-    except ImportError:
-        def _set_term_title(title):
-            """Set terminal title using the 'title' command."""
-            global ignore_termtitle
-
-            try:
-                # Cannot be on network share when issuing system commands
-                curr = os.getcwd()
-                os.chdir("C:")
-                ret = os.system("title " + title)
-            finally:
-                os.chdir(curr)
-            if ret:
-                # non-zero return code signals error, don't try again
-                ignore_termtitle = True
+    import ctypes
+
+    SetConsoleTitleW = ctypes.windll.kernel32.SetConsoleTitleW
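Review bot: dropping the `try`/`except ImportError` around `import ctypes` means IPython/utils/terminal.py now raises ImportError at import time on a win32 interpreter without ctypes instead of degrading; that matches the stated intent (ctypes becomes a hard requirement) but deserves a changelog line, since any library caller importing this module on such a build now fails early rather than at the first title call. The removed fallback was also the only place in this hunk that set `ignore_termtitle`, so confirm no remaining reader of that global expects it to be set on Windows. The hunk as displayed ends at `+    SetConsoleTitleW = ctypes.windll.kernel32.SetConsoleTitleW`, so the `argtypes` assignment and the `_set_term_title` definition that the new path needs are not visible here; the full commit should show both being restored.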

Source: GitHub Commit Details

Detection Methods for CVE-2023-24816

Indicators of Compromise

  • Unusual process spawning from Python processes on Windows systems
  • Unexpected shell commands executed following terminal title operations
  • Evidence of os.system() calls with suspicious title parameters in application logs
  • Process creation events showing command injection patterns with &, |, or ; characters

Detection Strategies

  • Monitor for Python applications calling os.system() with user-controlled input containing shell metacharacters
  • Implement application-level logging for all calls to IPython.utils.terminal.set_term_title
  • Use endpoint detection to identify suspicious child process creation from Python interpreters
  • Deploy static analysis tools to identify vulnerable IPython versions in your codebase

Monitoring Recommendations

  • Enable process creation auditing on Windows systems running Python applications
  • Monitor for unusual command patterns following title commands in command-line logs
  • Implement alerting for applications using IPython versions prior to 8.1.0
  • Review application dependencies to identify any usage of the vulnerable set_term_title function
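The indicators and strategies above boil down to one concrete check: a cmd.exe process spawned by a Python interpreter whose command line runs "title" and then continues past a separator. The Python below is an added example (not from the page or from any vendor tool) that applies that check to constructed process-creation records in a simplified parent/image/cmdline text form; the record format, the sample lines and the function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample process-creation records (not real telemetry).
# Format: parent=<parent image> image=<new process image> cmdline=<command line>
SAMPLE_EVENTS = [
    "parent=C:\\Python39\\python.exe image=C:\\Windows\\System32\\cmd.exe cmdline=cmd.exe /c title Notebook session 1",
    "parent=C:\\Python39\\python.exe image=C:\\Windows\\System32\\cmd.exe cmdline=cmd.exe /c title test & whoami",
    "parent=C:\\Python39\\pythonw.exe image=C:\\Windows\\System32\\cmd.exe cmdline=cmd.exe /c title x | hostname",
    "parent=C:\\Windows\\explorer.exe image=C:\\Windows\\System32\\cmd.exe cmdline=cmd.exe /c title admin & whoami",
    "parent=C:\\Python39\\python.exe image=C:\\Python39\\python.exe cmdline=python.exe worker.py",
]

EVENT_RE = re.compile(r"^parent=(?P<parent>\S+)\s+image=(?P<image>\S+)\s+cmdline=(?P<cmdline>.*)$")
# Parent images that mean "a Python interpreter spawned this process".
PYTHON_IMAGE_RE = re.compile(r"(?i)(?:^|\\)(?:python\d*|pythonw|ipython)\.exe$")
# "title <text>" whose argument is followed by a cmd.exe separator and more text.
TITLE_INJECTION_RE = re.compile(r"(?i)\btitle\s+[^&|;]*?\s*([&|;]+)\s*(.+?)\s*$")


@dataclass
class Finding:
    parent: str
    cmdline: str
    separator: str
    injected: str


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Split one record into its fields; None when the line is not a record."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_title_injection(line: str) -> Optional[Finding]:
    """Flag a cmd.exe child of a Python interpreter whose command line runs
    'title <text>' and then continues with another command."""
    ev = parse_event(line)
    if ev is None:
        return None
    if not PYTHON_IMAGE_RE.search(ev["parent"]):
        return None                      # not spawned by Python: out of scope
    if not ev["image"].lower().endswith("cmd.exe"):
        return None                      # the title builtin only runs in cmd.exe
    m = TITLE_INJECTION_RE.search(ev["cmdline"])
    if m is None:
        return None                      # plain title command, no separator
    return Finding(ev["parent"], ev["cmdline"], m.group(1), m.group(2))


def scan(lines: List[str]) -> List[Finding]:
    """Run the detector over a batch of records and keep the hits."""
    return [f for f in (detect_title_injection(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT parent=%s sep=%r injected=%r" % (hit.parent, hit.separator, hit.injected))
```

A benign title command from a Python parent (first sample line) and an injection from a non-Python parent (fourth line) are both left alone, which keeps the rule specific to this CVE's shape; the same matching can be ported to the command-line field of Windows 4688 or Sysmon event 1 records.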

How to Mitigate CVE-2023-24816

Immediate Actions Required

  • Upgrade IPython to version 8.1.0 or later immediately
  • Audit all applications using IPython as a library for calls to set_term_title
  • Ensure all Python environments on Windows have ctypes available
  • Implement input validation for any user-controlled data passed to terminal functions
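The second and first actions in the list above (find every call to set_term_title, and confirm the installed version is at least 8.1.0) can be scripted. The Python below is an added example written for this page, not IPython's code or a SentinelOne tool: it walks a module's AST for calls named set_term_title, whether imported bare or used as an attribute, and compares a version string against 8.1.0. The embedded application source is constructed for the example, and the function names are this example's own.

```python
import ast
from typing import Dict, List, Tuple

# Constructed source for a hypothetical application that uses IPython as a
# library; embedded so the scanner runs without a checkout.
SAMPLE_SOURCE = '''
import IPython.utils.terminal as term
from IPython.utils.terminal import set_term_title

def on_open(doc_name):
    set_term_title("Editing " + doc_name)  # doc_name may be untrusted
    term.set_term_title(doc_name + " ready")

def unrelated():
    print("title unrelated")
'''

FIXED_VERSION = (8, 1, 0)  # first IPython release carrying the fix


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '8.0.1', '7.34.0' or '8.1.0rc1' into a comparable 3-tuple.

    Digits are read from each dotted piece up to the first non-digit;
    missing trailing pieces are padded with 0 so '8.1' compares as 8.1.0.
    """
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_vulnerable_version(text: str) -> bool:
    """Versions before 8.1.0 still contain the os.system() fallback."""
    return parse_version(text) < FIXED_VERSION


def find_set_term_title_calls(source: str, filename: str = "<sample>") -> List[Tuple[str, int]]:
    """Return (filename, line) for each call whose callee is set_term_title,
    covering both `set_term_title(...)` and `term.set_term_title(...)`."""
    tree = ast.parse(source, filename=filename)
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name):
            name = func.id
        elif isinstance(func, ast.Attribute):
            name = func.attr
        else:
            continue
        if name == "set_term_title":
            hits.append((filename, node.lineno))
    return sorted(hits, key=lambda h: h[1])


def audit_report(source: str, installed_version: str, filename: str = "<sample>") -> Dict[str, object]:
    """Combine both checks: a deployment is at risk only when it runs a
    vulnerable version AND the code actually calls set_term_title."""
    calls = find_set_term_title_calls(source, filename)
    vulnerable = is_vulnerable_version(installed_version)
    return {
        "installed_version": installed_version,
        "vulnerable_version": vulnerable,
        "call_sites": calls,
        "at_risk": vulnerable and bool(calls),
    }


if __name__ == "__main__":
    print(audit_report(SAMPLE_SOURCE, "8.0.1"))
```

In a real audit the version string would come from `importlib.metadata.version("ipython")` (or `pip show`) and the source from walking the project tree; the report's call sites are where input validation or the upgrade matters most.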

Patch Information

The vulnerability has been patched in IPython version 8.1.0. The fix removes the vulnerable fallback code path that used os.system() and makes ctypes a hard requirement for setting terminal titles on Windows. The patch commit (385d69325319a5972ee9b5983638e3617f21cb1f) updates the __patched_cves__ set to include CVE-2023-24816:

python
# Security patch in IPython/__init__.py
# Source: https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f

 version_info = release.version_info
 # list of CVEs that should have been patched in this release.
 # this is informational and should not be relied upon.
-__patched_cves__ = {"CVE-2022-21699"}
+__patched_cves__ = {"CVE-2022-21699", "CVE-2023-24816"}
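Review bot: this hunk only updates the informational `__patched_cves__` set, and the comment directly above it says the set should not be relied upon, so any tooling that checks whether a deployment is fixed should key on the IPython version (8.1.0 or later) rather than on this value; there is no functional change here, and the actual fix is the IPython/utils/terminal.py hunk.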

For more details, see the GitHub Security Advisory and the patch commit.

Workarounds

  • Ensure that any calls to IPython.utils.terminal.set_term_title are made with trusted or properly filtered input
  • Validate and sanitize all user input before passing to terminal-related functions
  • If upgrading is not immediately possible, ensure ctypes is available in your Python environment to prevent the vulnerable fallback path
  • Consider disabling terminal title functionality if not required by your application

```bash
# Configuration example - Upgrade IPython to patched version
# (quote the requirement: unquoted, the shell reads '>' as a redirection
#  and installs the latest ipython into a file named '=8.1.0')
pip install --upgrade "ipython>=8.1.0"

# Verify installed version (use `findstr Version` instead of grep in cmd.exe)
pip show ipython | grep Version

# Check if ctypes is available in your Python environment
python -c "import ctypes; print('ctypes available')"
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
