RestrictedPython Type Confusion Vulnerability Allowing Bypass of Sandbox Restrictions

Vulnerability

A vulnerability in RestrictedPython versions 6.0 through 8.0 allows a sandbox escape by exploiting a type confusion bug in the CPython interpreter. The issue is triggered by 'try/except*' clauses (PEP 654 exception groups) in the restricted code, creating a bypass of the restrictions that RestrictedPython is designed to enforce. The underlying interpreter bug is present in CPython versions from 3.11 up to, but not including, 3.13.2.

Impact

Exploitation of this vulnerability could bypass the sandboxing restrictions that RestrictedPython is intended to enforce, allowing untrusted and potentially malicious code to execute without those restrictions.

Reproduction

The vulnerability can be reproduced by using RestrictedPython on a CPython interpreter that is version 3.11 or later but earlier than 3.13.2. Code containing 'try/except*' clauses triggers the type confusion bug in the CPython interpreter. A script that passes such code through RestrictedPython for execution therefore bypasses the intended restrictions.

Remediation

Users can upgrade to RestrictedPython version 8.0, which removes support for 'try/except*' clauses, so the construct can no longer reach the affected interpreter code path and the exploitation method is closed off.
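As an added example (not from this advisory or the RestrictedPython project), the following gate rejects untrusted source containing 'except*' before it is handed to RestrictedPython's real compile_restricted function; it assumes the caller controls the compile step and is useful where an immediate upgrade is not possible.

```python
import ast


def check_untrusted_source(source: str) -> tuple[bool, str]:
    """Return (allowed, reason) for untrusted source text.

    Rejects any 'try/except*' statement (an ast.TryStar node on CPython 3.11+)
    before the sandbox ever sees it. Source that does not parse is rejected as
    well, since nothing useful can be said about it.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return False, f"syntax error: {exc.msg}"

    # ast.TryStar only exists on interpreters that implement PEP 654;
    # older interpreters cannot parse 'except*' and fail above instead.
    try_star = getattr(ast, "TryStar", None)
    if try_star is not None:
        for node in ast.walk(tree):
            if isinstance(node, try_star):
                return False, f"'except*' is not allowed (line {node.lineno})"
    return True, "ok"


def compile_guarded(source: str, filename: str = "<untrusted>"):
    """Run the gate, then compile with RestrictedPython's own compile_restricted."""
    allowed, reason = check_untrusted_source(source)
    if not allowed:
        raise ValueError(f"rejected untrusted code: {reason}")
    # Imported lazily so the gate itself runs without the package installed.
    from RestrictedPython import compile_restricted
    return compile_restricted(source, filename=filename, mode="exec")


if __name__ == "__main__":
    # Constructed sample inputs: one harmless, one using the blocked construct.
    harmless = "total = sum(range(10))\n"
    blocked = "try:\n    pass\nexcept* ValueError:\n    pass\n"
    print(check_untrusted_source(harmless))  # (True, 'ok')
    print(check_untrusted_source(blocked))   # (False, ...) on every interpreter
```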

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.