[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode
Serhiy Storchaka
report at bugs.python.org
Sun Jul 26 10:19:49 EDT 2020
Serhiy Storchaka <storchaka+cpython at gmail.com> added the comment:
I do not think it is a security issue. The crash cannot be triggered by the user input unless you accept the pickle data from untrusted sources, but in that case you are in large danger, because you allow executing arbitrary code.
The changes in this issue just help to debug in some cases when you play with pickle format. In any case thank you for your report.
----------
status: open -> closed
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41288>
_______________________________________
More information about the Python-bugs-list
mailing list