
Author Iman Sharafaldin
Recipients Iman Sharafaldin
Date 2020-07-04.11:56:29
Message-id <1593863789.9.0.238701347914.issue41208@roundup.psfhosted.org>
Content
It seems that all versions of Python 3 are vulnerable to de-marshaling the attached file (Python file is included). I've tested on Python 3.10.0a0 (heads/master:b40e434, Jul  4 2020), Python 3.6.11 and Python 3.7.2. This is due to lack of proper validation at Objects/tupleobject.c:413 (heads/master:b40e434).
 
This is the result of GDB's Exploitable plugin (it's exploitable):
Description: Access violation during branch instruction
Short description: BranchAv (4/22)
Hash: e04b830dfb409a8bbf67bff96ff0df44.4d31b48b56e0c02ed51520182d91a457
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on a branch instruction, which may indicate that the control flow is tainted.
Other tags: AccessViolation (21/22)
History
Date | User | Action | Args
2020-07-04 11:56:29 | Iman Sharafaldin | set | recipients: + Iman Sharafaldin
2020-07-04 11:56:29 | Iman Sharafaldin | set | messageid: <1593863789.9.0.238701347914.issue41208@roundup.psfhosted.org>
2020-07-04 11:56:29 | Iman Sharafaldin | link | issue41208 messages
2020-07-04 11:56:29 | Iman Sharafaldin | create |
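
An added example, not part of the original report or of CPython's own code: a triage harness that de-marshals an untrusted blob in a child interpreter, so that a crash like the access violation reported above is contained and classified instead of taking down the calling process. The names `triage_blob` and `CHILD` and the exit code 3 are assumptions made for this example, and the sample blobs are constructed.

```python
import marshal
import signal
import subprocess
import sys

# Child program: read bytes from stdin and de-marshal them. Exit code 0 means
# the blob loaded; 3 (chosen for this example) means marshal raised an exception.
CHILD = (
    "import marshal, sys\n"
    "try:\n"
    "    marshal.loads(sys.stdin.buffer.read())\n"
    "except Exception:\n"
    "    sys.exit(3)\n"
)


def triage_blob(blob, child_code=CHILD, timeout=10.0):
    """Load `blob` in a separate interpreter and classify the outcome.

    Returns (verdict, detail) where verdict is "loaded", "rejected",
    "crashed" (child killed by a signal, e.g. SIGSEGV), "timeout" or "error".
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", child_code],
            input=blob,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return ("timeout", None)
    rc = proc.returncode
    if rc == 0:
        return ("loaded", None)
    if rc == 3:
        return ("rejected", None)
    if rc < 0:  # POSIX: a negative return code is the terminating signal number
        return ("crashed", signal.Signals(-rc).name)
    return ("error", rc)


if __name__ == "__main__":
    # Constructed sample inputs: one valid blob and one truncated blob.
    good = marshal.dumps((1, "two", b"three"))
    for name, data in (("good", good), ("truncated", good[:-2])):
        print(name, triage_blob(data))
```

The signal-based "crashed" verdict relies on POSIX return-code semantics; on Windows a crashing child reports a large positive exit status and lands in the "error" branch.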