Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-4vr7-g93g-cf6m

GitHub Security Advisory

Duplicate Advisory: Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check

✓ GitHub Reviewed CRITICAL Withdrawn
View on GitHub

Advisory Details

### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.

### Original Description
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC), which causes the scanner to halt and fail to analyze the contents for malicious pickle files. When the file incorrectly considered safe is loaded, it can lead to the execution of malicious code.

Affected Packages

PyPI picklescan
Affected versions: 0 (fixed in 0.0.31)

Key Information

GHSA ID
GHSA-4vr7-g93g-cf6m
Published
September 17, 2025 12:30 PM
Last Modified
September 17, 2025 8:24 PM
CVSS Score
9.0 /10
Primary Ecosystem
PyPI
Primary Package
picklescan
GitHub Reviewed
✓ Yes
Withdrawn
September 17, 2025 8:24 PM

Dataset

Last updated: September 18, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.