Lucene search
K
TrailofbitsFickling

7 matches found

CVE
CVE
added 2026/01/10 1:35 a.m.22 views

CVE-2026-22612

Summary of CVE-2026-22612 : Fickling (Python pickling decompiler/static analyzer) before version 0.1.7 is vulnerable to a detection bypass caused by “builtins” blindness. This allows crafted pickle payloads to bypass security analysis, as shown by example payloads that construct and execute code ...

9.3CVSS6.5AI score0.00264EPSS
CVE
CVE
added 2026/01/10 1:35 a.m.18 views

CVE-2026-22606

CVE-2026-22606 affects Fickling (Python pickling decompiler/static analyzer) up to version 0.1.6. The root cause is that the runpy module (including run_path and run_module) was not treated as unsafe, causing some malicious pickles to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS. Thi...

9.3CVSS6.8AI score0.00425EPSS
CVE
CVE
added 2026/01/10 1:35 a.m.18 views

CVE-2026-22608

CVE-2026-22608 (Fickling) affects the Python tool Fickling (pickling decompiler/static analyzer). Before version 0.1.7, ctypes and pydoc were not explicitly blocked, allowing chaining (via pydoc.locate to get ctypes.windll.kernel32.WinExec) to achieve remote code execution while the file is repor...

9.3CVSS6.5AI score0.00346EPSS
CVE
CVE
added 2026/01/10 1:35 a.m.18 views

CVE-2026-22609

Affected software/issue: Fickling (Python pickling decompiler/static analyzer) prior to v0.1.7. Root cause: unsafe_imports() in the static analyzer fails to flag several high-risk modules, allowing malicious pickles to bypass safety checks. Impact (as stated): potential arbitrary code execution v...

9.3CVSS7.8AI score0.00554EPSS
CVE
CVE
added 2025/12/16 12:39 a.m.15 views

CVE-2025-67748

Fickling CVE-2025-67748 describes a bypass in which the blocklist of unsafe imports did not include pty, allowing unsafe pickles using pty.spawn() to be misclassified as LIKELY_SAFE. The root cause is documented as the unsafe-imports check missing pty in version

8.5CVSS6.4AI score0.00235EPSS
CVE
CVE
added 2026/01/10 1:35 a.m.15 views

CVE-2026-22607

Summary (CVE-2026-22607 – Fickling) Fickling (Python pickling decompiler/static analyzer) versions up to and including 0.1.6 fail to treat the Python module cProfile as unsafe. This causes a malicious pickle using cProfile.run() to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS, potent...

9.3CVSS6.8AI score0.0044EPSS
CVE
CVE
added 2025/12/16 12:32 a.m.14 views

CVE-2025-67747

CVE-2025-67747 concerns Fickling, a Python pickle analysis tool. Multiple sources document that versions prior to 0.1.6 did not include marshal and types in the unsafe-import blocklist, allowing a crafted pickle to bypass safety checks due to missing detections for marshal.loads and types.Functio...

8.5CVSS7.2AI score0.00237EPSS