Message372990
It seems that all versions of Python 3 are vulnerable to de-marshaling the attached file (Python file is included). I've tested on Python 3.10.0a0 (heads/master:b40e434, Jul 4 2020), Python 3.6.11 and Python 3.7.2. This is due to lack of proper validation at Objects/tupleobject.c:413 (heads/master:b40e434).
This is the result of GDB's Exploitable plugin (it's exploitable):
Description: Access violation during branch instruction
Short description: BranchAv (4/22)
Hash: e04b830dfb409a8bbf67bff96ff0df44.4d31b48b56e0c02ed51520182d91a457
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on a branch instruction, which may indicate that the control flow is tainted.
Other tags: AccessViolation (21/22) |
|
Date |
User |
Action |
Args |
2020-07-04 11:56:29 | Iman Sharafaldin | set | recipients:
+ Iman Sharafaldin |
2020-07-04 11:56:29 | Iman Sharafaldin | set | messageid: <1593863789.9.0.238701347914.issue41208@roundup.psfhosted.org> |
2020-07-04 11:56:29 | Iman Sharafaldin | link | issue41208 messages |
2020-07-04 11:56:29 | Iman Sharafaldin | create | |
|