Description
picklescan before 0.0.27 contains a parsing logic error in the _list_globals function when handling STACK_GLOBAL opcodes, failing to track arguments in the correct range and allowing malicious pickle files to bypass detection. Attackers can craft pickle files with arguments at position zero to trigger unexpected exceptions and evade security scanning.
Problem types
Product status
Any version before 0.0.27
0.0.27 (semver)
Credits
Lyutoon
References
github.com/...lescan/security/advisories/GHSA-9gvj-pp9x-gcfr
github.com/...lescan/security/advisories/GHSA-9gvj-pp9x-gcfr (GHSA Advisory GHSA-9gvj-pp9x-gcfr)
github.com/...ommit/2a8383cfeb4158567f9770d86597300c9e508d0f
www.vulncheck.com/...-stack-global-opcode-parsing-logic-flaw (VulnCheck Advisory: picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw)