CNNVD-202601-1768 Information

CNNVD ID

CNNVD-202601-1768

Related CVE

CVE-2026-22607

• CNNVD Published: 2026-01-10

Description (Chinese)

Fickling是Trail of Bits开源的一个Python的反编译器和静态分析器。 Fickling 0.1.6及之前版本存在代码问题漏洞，该漏洞源于未将cProfile模块标记为不安全，可能导致执行攻击者控制的代码。

Description (English)

Pickling is a Python back compiler and static analyser of Trail of Bits open source. Pickling 0.1.6 and previous versions had a code gap, which stemmed from the failure to mark the cProfile module as unsafe and could lead to the implementation of the code controlled by the attackers.

Hazard Level

Low

Vulnerability Type

代码问题

Affected Vendor

Trail of Bits

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43 https://github.com/trailofbits/fickling/releases/tag/v0.1.7 https://github.com/trailofbits/fickling/security/advisories/GHSA-p523-jq9w-64x9

Patch

https://github.com/trailofbits/fickling/releases