GHSA-CQ46-M9X9-J8W2

Vulnerability from github – Published: 2025-10-22 16:45 – Updated: 2025-10-23 20:10
VLAI
Summary
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization
Details

Summary

An unsafe deserialization vulnerability in Scapy <v2.7.0 allows attackers to execute arbitrary code when a malicious session file is locally loaded via the -s option. This requires convincing a user to manually load a malicious session file.


Details

Scapy’s interactive shell supports session loading using gzip-compressed pickle files:

./run_scapy -s <session_file.pkl.gz>

Internally, this triggers:

# main.py
SESSION = pickle.load(gzip.open(session_name, "rb"))

Since no validation or restriction is performed on the deserialized object, any code embedded via __reduce__() will be executed immediately. This makes it trivial for an attacker to drop a malicious .pkl.gz in a shared folder and have it executed by unsuspecting users.

The vulnerability exists in the load_session function, which deserializes data using pickle.load() on .pkl.gz files provided via the -s CLI flag or programmatically through conf.session.

Affected lines in source code: https://github.com/secdev/scapy/blob/master/scapy/main.py#L569-L572

try:
    s = pickle.load(gzip.open(fname, "rb"))
except IOError:
    try:
        s = pickle.load(open(fname, "rb"))

Impact

This is a classic deserialization vulnerability which leads to Code Execution (CE) when untrusted data is deserialized.

Any user who can trick another user into loading a crafted .pkl.gz session file (e.g. via -s option) can execute arbitrary Python code.

  • Vulnerability type: Insecure deserialization (Python pickle)
  • CWE: CWE-502: Deserialization of Untrusted Data
  • CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVSS Score: 5.4 (Medium)
  • Impact: Arbitrary Code Execution
  • Attack vector: Local or supply chain (malicious .pkl.gz)
  • Affected users: Any user who loads session files (even interactively)
  • Affected version: Scapy v2.6.1

Mitigations

  • Do not use 'sessions' (the -s option when launching Scapy).
  • Use the Scapy 2.7.0+ where the session mechanism has been removed.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "scapy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-22T16:45:49Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nAn unsafe deserialization vulnerability in Scapy \u003cv2.7.0 allows attackers to execute arbitrary code **when a malicious session file is locally loaded via the `-s` option**. This requires convincing a user to manually load a malicious session file.\n\n---\n\n### Details\n\nScapy\u2019s interactive shell supports session loading using gzip-compressed pickle files:\n\n```bash\n./run_scapy -s \u003csession_file.pkl.gz\u003e\n```\n\nInternally, this triggers:\n\n```python\n# main.py\nSESSION = pickle.load(gzip.open(session_name, \"rb\"))\n```\n\nSince no validation or restriction is performed on the deserialized object, **any code embedded via `__reduce__()` will be executed immediately**. This makes it trivial for an attacker to drop a malicious `.pkl.gz` in a shared folder and have it executed by unsuspecting users.\n\nThe vulnerability exists in the `load_session` function, which deserializes data using `pickle.load()` on `.pkl.gz` files provided via the `-s` CLI flag or programmatically through `conf.session`.\n\n**Affected lines in source code**:\nhttps://github.com/secdev/scapy/blob/master/scapy/main.py#L569-L572\n\n```python\ntry:\n    s = pickle.load(gzip.open(fname, \"rb\"))\nexcept IOError:\n    try:\n        s = pickle.load(open(fname, \"rb\"))\n```\n\n### Impact\n\nThis is a classic deserialization vulnerability which leads to Code Execution (CE) when untrusted data is deserialized.\n\nAny user who can trick another user into loading a crafted `.pkl.gz` session file (e.g. via `-s` option) can execute arbitrary Python code.\n\n- **Vulnerability type:** Insecure deserialization (Python `pickle`)\n- **CWE**: [CWE-502: Deserialization of Untrusted Data](https://cwe.mitre.org/data/definitions/502.html)\n- **CVSS v4.0 Vector**: `CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N`\n- **CVSS Score**: 5.4 (Medium)\n- **Impact:** Arbitrary Code Execution\n- **Attack vector:** Local or supply chain (malicious `.pkl.gz`)\n- **Affected users:** Any user who loads session files (even interactively)\n- **Affected version:** **Scapy v2.6.1**\n\n---\n\n### Mitigations\n\n- Do not use \u0027sessions\u0027 (the -s option when launching Scapy).\n- Use the Scapy 2.7.0+ where the session mechanism has been removed.",
  "id": "GHSA-cq46-m9x9-j8w2",
  "modified": "2025-10-23T20:10:45Z",
  "published": "2025-10-22T16:45:49Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/secdev/scapy/security/advisories/GHSA-cq46-m9x9-j8w2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/secdev/scapy/commit/13621d1145b3435e9d03caf20997107a84435c0b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/secdev/scapy"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…