New submission from Iman Sharafodin <iman.sharafo...@gmail.com>:
It seems that all versions of Python 3 are vulnerable to de-marshaling the attached file (Python file is included). I've tested on Python 3.10.0a0 (heads/master:b40e434, Jul 4 2020), Python 3.6.11 and Python 3.7.2.

This is due to lack of proper validation at Objects/tupleobject.c:413 (heads/master:b40e434).

This is the result of GDB's Exploitable plugin (it's exploitable):

Description: Access violation during branch instruction
Short description: BranchAv (4/22)
Hash: e04b830dfb409a8bbf67bff96ff0df44.4d31b48b56e0c02ed51520182d91a457
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on a branch instruction, which may indicate that the control flow is tainted.
Other tags: AccessViolation (21/22)

----------
components: Interpreter Core
files: Crash.zip
messages: 372990
nosy: Iman Sharafodin
priority: normal
severity: normal
status: open
title: An exploitable segmentation fault in marshal module
type: security
versions: Python 3.10

Added file: https://bugs.python.org/file49295/Crash.zip

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue41208>
_______________________________________