New submission from shuoz <[email protected]>:
python version:
Python 3.8.0a0 (heads/master:4ae8ece, Sep 13 2018, 09:48:16)
[GCC 5.4.0 20160609] on linux
I found a bug in python pickle.load func. Can cause memory exhaustion DDOS.
./python pk.py poc
cat ./pk.py
import pickle
import sys
filename = sys.argv[1]
with open(filename, 'rb') as f:
aa = pickle.load(f)
print(aa)
----------
components: FreeBSD
files: poc
messages: 325230
nosy: koobs, shuoz
priority: normal
severity: normal
status: open
title: memory exhaustion in Modules/_pickle.c:1393
type: security
versions: Python 3.8
Added file: https://bugs.python.org/file47801/poc
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue34656>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
