This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author shuoz
Recipients koobs, shuoz
Date 2018-09-13.04:38:46
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
python version:
   Python 3.8.0a0 (heads/master:4ae8ece, Sep 13 2018, 09:48:16) 
   [GCC 5.4.0 20160609] on linux

I found a bug in python pickle.load func. Can cause memory exhaustion DDOS.

./python poc

cat ./
import pickle
import sys
filename = sys.argv[1]
with open(filename, 'rb') as f:
    aa = pickle.load(f)
Date User Action Args
2018-09-13 04:38:47shuozsetrecipients: + shuoz, koobs
2018-09-13 04:38:47shuozsetmessageid: <>
2018-09-13 04:38:46shuozlinkissue34656 messages
2018-09-13 04:38:46shuozcreate