9 matches found
CVE-2025-71359
The CVE concerns the Python package picklescan prior to version 0.0.29, where the vulnerability lies in deserializing pickle payloads that leverage lib2to3.pgen2.grammar.Grammar.loads within the reduce method. This can enable remote code execution during pickle.load(), by crafting pickle files t...
CVE-2025-71359
picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...
EUVD-2025-210416
picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...
CVE-2025-71343
CVE-2025-71343 affects picklescan prior to 0.0.30. The issue arises from a weakness in detecting malicious pickle payloads that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label in the reduce method, enabling attackers to craft pickle files that evade detection and execute arbitrary commands ...
Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
Summary: Using the lib2to3.pgen2.pgen.ParserGenerator.makelabel function, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to...
GHSA-P9W7-82W4-7Q8M Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
Summary: Using the lib2to3.pgen2.pgen.ParserGenerator.makelabel function, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling to...
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
Summary: Using lib2to3.pgen2.grammar.Grammar.loads, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the lib2to3.pgen2.grammar.Grammar.loads function in reduce meth...
GHSA-F54Q-57X4-JG88 Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
Summary: Using lib2to3.pgen2.grammar.Grammar.loads, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the lib2to3.pgen2.grammar.Grammar.loads function in reduce meth...
python security, bug fix, and enhancement update
python: 2.6.6-20 Resolves: CVE-2010-3493 2.6.6-19 Resolves: CVE-2011-1015 2.6.6-18 Resolves: CVE-2011-1521 2.6.6-17 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-16 - recompile against systemtap 1.4 Related: rhbz569695 2.6.6-15 - fix race condition that sometimes breaks the build wi...