Fickling Python Pickling Decompiler cProfile Misclassification Vulnerability Allowing Arbitrary Code Execution

A vulnerability exists in Fickling, a Python pickling decompiler and static analyzer, in versions through 0.1.6. The issue arises because these versions do not recognize Python's cProfile module as unsafe. This oversight allows a malicious pickle that utilizes cProfile.run() to be labeled as SUSPICIOUS rather than OVERTLY_MALICIOUS. Users who depend on Fickling's analysis to determine the safety of a pickle before deserialization may inadvertently execute attacker-controlled code. This vulnerability impacts any workflow or product that uses Fickling to assess pickle files for security risks.

Impact

Exploitation of this vulnerability leads to arbitrary code execution on the user's system, bypassing Fickling's intended safety checks. The cProfile module, when misclassified, allows for the execution of code embedded within pickled objects, creating a significant security risk.

Reproduction

To reproduce this vulnerability, first create a pickle file using Fickling version 0.1.6 or earlier. The pickle should include a payload that calls cProfile.run() with a code string that, when executed, confirms the successful execution of the code (e.g., printing a message). Once the malicious pickle is created, analyze it with Fickling. The output will indicate a SUSPICIOUS severity, demonstrating the bypass. Finally, load the pickle using Python's pickle module to execute the embedded code, confirming the arbitrary code execution.

Remediation

Users can upgrade to Fickling version 0.1.7 or later, where this vulnerability has been addressed.