2 matches found
CVE-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target
The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
Picklescan is missing detection when calling built-in python cProfile.run
Summary Using cProfile.run function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.run function in reduce method Then when the victim after checkin...