[issue41208] An exploitable segmentation fault in marshal module
STINNER Victor
report at bugs.python.org
Mon Jul 6 07:59:21 EDT 2020
STINNER Victor <vstinner at python.org> added the comment:
According to the Python Security Model, this issue is not security vulnerability:
(*) https://python-security.readthedocs.io/security.html#python-security-model
The marshal is not intended to be used to load untrusted code. That's why its documentation contains the red warning:
"The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source."
https://docs.python.org/dev/library/marshal.html
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41208>
_______________________________________
More information about the Python-bugs-list
mailing list