[New-bugs-announce] [issue34656] memory exhaustion in Modules/_pickle.c:1393

shuoz report at bugs.python.org
Thu Sep 13 00:38:47 EDT 2018


New submission from shuoz <zzw20124321 at gmail.com>:

python version:
   Python 3.8.0a0 (heads/master:4ae8ece, Sep 13 2018, 09:48:16) 
   [GCC 5.4.0 20160609] on linux


I found a bug in the Python pickle.load func. It can cause memory exhaustion DDOS.

./python pk.py poc


cat ./pk.py
import pickle
import sys
filename = sys.argv[1]
with open(filename, 'rb') as f:
    aa = pickle.load(f)
    print(aa)

----------
components: FreeBSD
files: poc
messages: 325230
nosy: koobs, shuoz
priority: normal
severity: normal
status: open
title: memory exhaustion in Modules/_pickle.c:1393
type: security
versions: Python 3.8
Added file: https://bugs.python.org/file47801/poc

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34656>
_______________________________________

