4 matches found
Remote Code Execution (RCE)
fickling is vulnerable to Remote Code Execution RCE. The vulnerability is due to the failure to explicitly block dangerous modules such as ctypes and pydoc, which allows an attacker to chain pydoc.locate with ctypes during pickle analysis to achieve RCE while the malicious pickle file is still...
PT-2026-2228
Name of the Vulnerable Software and Affected Versions Fickling versions prior to 0.1.7 Description Fickling, a Python pickling decompiler and static analyzer, does not explicitly block the ctypes and pydoc modules in versions prior to 0.1.7. Combining these modules can lead to Remote Code Executi...
Fickling 代码问题漏洞
Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in versions of Fickling prior to 0.1.7 that stems from not explicitly blocking the ctypes and pydoc modules, which could lead to remote code execution...
GHSA-5HVC-6WX8-MVV4 Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
Fickling's assessment pydoc and ctypes were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1. Original report Summary Both ctypes and pydoc modules arent explictly blocked. Even other existing pickle scanning tools like...