Listen to this Post
The vulnerability exploits the ZIP scanning module in picklescan. An attacker creates a malicious ZIP archive containing a file with a deliberately corrupted Cyclic Redundancy Check (CRC) value. When picklescan attempts to scan this archive, it encounters the bad CRC. Due to improper exception handling, this error causes the entire scanning process to halt abruptly instead of gracefully logging the error and continuing. This early termination means the scanner fails to extract and analyze the subsequent files within the archive, including any malicious pickle objects. Consequently, the malicious archive is incorrectly marked as safe. If a user is tricked into loading this seemingly safe file, the embedded malicious pickle code is executed during the unpickling process, leading to remote code execution.
Platform: Picklescan
Version: < 0.0.3
Vulnerability: Scan Bypass
Severity: Critical
date: 2024-04-10
Prediction: 2024-05-01
What Undercode Say:
python -m picklescan --path malicious.zip [bash] CRC check failed for file "bad_crc_file.pkl", scanning aborted. Scan complete: 0 files scanned, 0 threats found.
Malicious ZIP creation (conceptual)
import zipfile
with zipfile.ZipFile('malicious.zip', 'w') as zf:
Write file with incorrect CRC
zf.writestr('payload.pkl', malicious_pickle_data)
Force a bad CRC value for the file entry
... code to manipulate CRC field in local file header ...
How Exploit:
Craft ZIP with bad CRC.
Bypasses security scan.
Leads to RCE.
Protection from this CVE
Update to v0.0.3.
Do not load untrusted files.
Validate archives separately.
Impact:
Remote Code Execution.
Security Scan Bypass.
System Compromise.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

