7 matches found
CVE-2026-14534
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...
CVE-2026-14534 Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...
CVE-2026-14534
The CVE-2026-14534 issue affects the Python package fickling, up to version 0.1.10. The root cause is that the UNSAFE_IMPORTS denylist omits three standard library modules — _posixsubprocess, site, and atexit — causing check_safety() to return LIKELY_SAFE and allowing pickle payloads to deseriali...
EUVD-2026-41675
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules posixsubprocess, site, and atexit in the UNSAFEIMPORTS denylist fickle.py. Because these modules are absent from the denylist, fickling's checksafety function returns LIKELYSAFE with zero...
PT-2026-55704
Name of the Vulnerable Software and Affected Versions Trail of Bits fickling versions 0.1.10 and earlier Description An improper input validation issue exists in the denylist logic used to analyze pickle opcode imports. The UNSAFE IMPORTS denylist in fickle.py fails to include critical Python...
GHSA-RP9H-RF7G-HWGR s2n-tls has undefined behavior at process exit
Impact s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a...
s2n-tls has undefined behavior at process exit
Impact s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a...