CVE-2023-43364

9.8 CRITICAL

📋 TL;DR

CVE-2023-43364 is a critical remote code execution vulnerability in Searchor: main.py passes untrusted command-line input to eval(), so whoever controls that input can execute arbitrary commands on the system running a vulnerable version. Anyone using Searchor 2.4.1 or earlier is affected.

💻 Affected Systems

Products:
  • Searchor
Versions: All versions before 2.4.2
Operating Systems: All platforms where Searchor runs
Default Config Vulnerable: ⚠️ Yes
Notes: Any installation using the vulnerable main.py file is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise, with the attacker gaining complete control over the affected system and able to steal data, deploy ransomware, or move laterally.

🟠 Likely Case: Remote code execution leading to data exfiltration, cryptocurrency mining, or botnet enrollment.

🟢 If Mitigated: No impact if patched or proper input validation is implemented.

🌐 Internet-Facing: HIGH - Directly exploitable via command line input without authentication.
🏢 Internal Only: HIGH - Even internal systems can be exploited by users with CLI access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public proof-of-concept exploits exist demonstrating arbitrary command execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.2

Vendor Advisory: https://github.com/advisories/GHSA-66m2-493m-crh2

Restart Required: No

Instructions:

1. Update Searchor using pip: pip install --upgrade searchor==2.4.2
2. Verify installation: pip show searchor
3. Confirm version is 2.4.2 or higher

🔧 Temporary Workarounds

Input Validation Wrapper

Create a wrapper script that validates the query argument before passing it to Searchor. The allow-list below accepts only letters, digits and whitespace, using POSIX character classes (a backslash sequence such as \s inside a bash bracket expression is matched literally, not as a whitespace class):

#!/bin/bash
# Allow only letters, digits and whitespace in the query argument.
if [[ "$1" =~ ^[[:alnum:][:space:]]+$ ]]; then
    searchor "$1"
else
    echo "Invalid input" >&2
    exit 1
fi
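To make the root cause from the TL;DR and the allow-list workaround above concrete, here is an added example (not Searchor's own code): a hypothetical Engine enum stands in for the project's, search_vulnerable shows the eval()-on-CLI-input pattern, search_fixed resolves the engine by name and treats the query purely as data, and is_safe_cli_query mirrors the bash allow-list in Python.

```python
import re
import urllib.parse
from enum import Enum


class Engine(Enum):
    """Constructed stand-in for a search-engine enum; not Searchor's own."""
    Google = "https://www.google.com/search?q={}"
    DuckDuckGo = "https://duckduckgo.com/?q={}"

    def search(self, query: str) -> str:
        # The query is URL-encoded, so quotes and other metacharacters are data.
        return self.value.format(urllib.parse.quote_plus(query))


def search_vulnerable(engine: str, query: str) -> str:
    """BEFORE: CLI arguments are interpolated into Python source and eval()ed.

    Anything placed in `query` becomes code. Kept only to show the pattern;
    never use this in real code.
    """
    return eval(f"Engine.{engine}.search('{query}')")


def search_fixed(engine: str, query: str) -> str:
    """AFTER: look the engine up by name and pass the query as a plain string."""
    try:
        eng = Engine[engine]
    except KeyError:
        raise ValueError(f"unknown engine: {engine!r}") from None
    return eng.search(query)


# Same allow-list as the bash wrapper: letters, digits and whitespace only.
_SAFE_QUERY = re.compile(r"^[A-Za-z0-9\s]+$")


def is_safe_cli_query(arg: str) -> bool:
    """Return True if the argument is acceptable to forward to the CLI."""
    return bool(_SAFE_QUERY.fullmatch(arg))


if __name__ == "__main__":
    # Benign input behaves identically in both versions, which is exactly why
    # the defect is invisible in normal use.
    print(search_vulnerable("Google", "hello world"))
    print(search_fixed("Google", "hello world"))
    print(search_fixed("Google", "it's fine"))  # quote is encoded, not executed
```

Note that in Python's re module, `\s` inside a character class does mean whitespace, unlike in a bash bracket expression.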

🧯 If You Can't Patch

  • Remove Searchor from production systems immediately
  • Implement strict network segmentation to isolate affected systems

🔍 How to Verify

Check if Vulnerable:

pip show searchor | grep Version

Any version below 2.4.2 is vulnerable.

Verify Fix Applied:

Run the same command and confirm the version is 2.4.2 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns from Searchor process
  • Suspicious system commands in Searchor logs

Network Indicators:

  • Outbound connections to suspicious IPs from Searchor process
  • Unexpected data exfiltration

SIEM Query:

process.name:"python" AND process.args:"searchor"

Note: the eval() call is inside Searchor's main.py, so the string "eval" never appears in the process arguments. Review the matches above for searchor invocations whose query argument contains Python syntax or shell metacharacters, or whose process spawns a child shell.
