Patched zero-day memo exploit and bumped version (#23)

mmaitre314 · Dec 16, 2023 · ad6efbf · ad6efbf
1 parent 40001cd
commit ad6efbf
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = picklescan
-version = 0.0.12
+version = 0.0.13
 author = Matthieu Maitre
 author_email = [email protected]
 description = Security scanner detecting Python Pickle files performing suspicious actions

diff --git a/src/picklescan/scanner.py b/src/picklescan/scanner.py
@@ -190,7 +190,7 @@ def _list_globals(data: IO[bytes], multiple_pickles=True) -> Set[Tuple[str, str]
             op_value = op[1]
 
             if op_name in ["MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"] and n > 0:
-                memo[len(memo)] = ops[n - 1][1]
+                memo[op_value] = ops[n - 1][1]
 
             if op_name in ("GLOBAL", "INST"):
                 globals.add(tuple(op_value.split(" ", 1)))