Impact
Picklescan before version 0.0.27 contains a parsing logic flaw in the function that lists global objects when processing pickle files. The flaw fails to correctly track arguments for the STACK_GLOBAL opcode, allowing an attacker to craft a pickle containing a STACK_GLOBAL opcode with its argument positioned at zero. When the scanner processes such a file it throws an unexpected exception, causing the detection routine to skip the offending pickle and report it as safe. This enables malicious pickle content to evade security controls, potentially leading to code execution or data exfiltration.
Affected Systems
The vulnerability affects the open‑source tool picklescan developed by mmaitre314. All installations running a version earlier than 0.0.27 are impacted, regardless of operating system or deployment environment.
Risk and Exploitability
The flaw carries a CVSS score of 9.3, indicating high severity, while the EPSS score is below 1%, suggesting that exploitation is unlikely but still possible. Picklescan is not listed in CISA’s KEV catalog. Attackers can exploit the vulnerability by supplying a specially crafted pickle that triggers the STACK_GLOBAL opcode exception, causing the scanner to bypass detection. The resulting security bypass could allow the attacker to deliver malicious payloads that might execute code or extract sensitive data.
OpenCVE Enrichment
Github GHSA