Message325230
python version:
Python 3.8.0a0 (heads/master:4ae8ece, Sep 13 2018, 09:48:16)
[GCC 5.4.0 20160609] on linux
I found a bug in the Python pickle.load function. It can cause a memory exhaustion DDoS.

./python pk.py poc
cat ./pk.py
import pickle
import sys

# Path of the pickle file to load (here: poc)
filename = sys.argv[1]
with open(filename, 'rb') as f:
    aa = pickle.load(f)  # the call reported to exhaust memory
print(aa)

Date | User | Action | Args
2018-09-13 04:38:47 | shuoz | set | recipients: + shuoz, koobs
2018-09-13 04:38:47 | shuoz | set | messageid: <1536813527.13.0.956365154283.issue34656@psf.upfronthosting.co.za>
2018-09-13 04:38:46 | shuoz | link | issue34656 messages
2018-09-13 04:38:46 | shuoz | create |
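
One way to contain the memory exhaustion reported above when a program has to load a pickle file it did not create, as an added example that is not part of the original message or of CPython: the load runs in a child process under an address-space limit, so a runaway allocation ends the child instead of the caller. The name `load_contained`, the 1 GiB default cap and the 10 s timeout are assumptions, and `resource` and `preexec_fn` require a POSIX system.

```python
import resource
import subprocess
import sys

# Child program: the same load-and-print that pk.py performs.
CHILD = (
    "import pickle, sys\n"
    "with open(sys.argv[1], 'rb') as f:\n"
    "    print(repr(pickle.load(f)))\n"
)


def load_contained(path, mem_limit=1 << 30, timeout=10):
    """Run pickle.load on `path` in a child capped at `mem_limit` bytes.

    Returns (True, repr_text) on success and (False, reason) otherwise.
    This bounds memory and run time only; it does not restrict what the
    pickle is allowed to import or call.
    """
    def cap_memory():
        # Runs in the child after fork, before exec. Lowering both limits
        # means the child cannot raise its own cap again.
        _, hard = resource.getrlimit(resource.RLIMIT_AS)
        limit = mem_limit if hard == resource.RLIM_INFINITY else min(mem_limit, hard)
        resource.setrlimit(resource.RLIMIT_AS, (limit, limit))

    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", CHILD, path],
            preexec_fn=cap_memory, capture_output=True,
            text=True, errors="replace", timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return False, "timeout"
    except (OSError, subprocess.SubprocessError) as exc:
        return False, f"spawn failed: {exc}"
    if proc.returncode != 0:
        # A capped allocation surfaces as MemoryError or a killed child.
        lines = proc.stderr.strip().splitlines()
        return False, f"exit {proc.returncode}: {lines[-1] if lines else 'no stderr'}"
    return True, proc.stdout.rstrip("\n")


if __name__ == "__main__" and len(sys.argv) > 1:
    print(load_contained(sys.argv[1]))
```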