CVE-2024-8375: 
Python vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in Reverb, identified as CVE-2024-8375. The vulnerability exists in the handling of VARIANT datatype tensors during deserialization. The issue was discovered and disclosed in September 2024, affecting the Reverb server and client components that handle tensor proto unpacking (Reverb Issue).

The vulnerability occurs when handling tensor protos of type VARIANT, which is designed to represent arbitrary objects in C++. During the unpacking process, memory is first allocated to store the entire tensor, and a constructor is called on each instance. Subsequently, Reverb copies the content from tensorcontent to the pre-allocated memory, which results in the bytes in tensorcontent overwriting the vtable pointers of previously allocated objects. The vulnerability has been assigned a CVSS v4.0 score of 5.7 (Medium) with the vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N (NVD).

When exploited, the vulnerability allows an attacker to gain control of the Program Counter when any method on the affected object is called, including its destructor. This can lead to arbitrary code execution within the context of the client application (Reverb Issue).

The vulnerability has been fixed in commit 6a0dcf4c9e842b7f999912f792aaa6f6bd261a25, which implements restrictions on compression/decompression to only support scalar types, explicitly disallowing VARIANT and resource dtypes. Users are recommended to upgrade to a version containing this fix (Reverb Commit).