| tags: | |
| - security-research | |
| - vulnerability-poc | |
| # msgpack-numpy RCE PoC (CWE-502) | |
| **DO NOT LOAD THIS FILE IN AN UNCONTROLLED ENVIRONMENT** | |
| This repository contains a proof-of-concept `.msgpack` file that demonstrates arbitrary code execution via `msgpack_numpy.unpackb()`. | |
| ## Vulnerability | |
| `msgpack_numpy.decode()` at line 99-100 calls `pickle.loads(obj[b'data'])` with zero validation when `obj[b'kind'] == b'O'`. An attacker who distributes a crafted `.msgpack` file causes any victim process that loads it with `msgpack_numpy.unpackb()` to execute arbitrary code. | |
| ## Reproduction | |
| ```python | |
| import msgpack_numpy | |
| import msgpack | |
| data = open("malicious.msgpack", "rb").read() | |
| msgpack_numpy.unpackb(data, raw=False) # RCE triggers here | |
| # Creates /tmp/msgpack-rce-proof.txt with content "EXPLOITED" | |
| ``` | |
| ## Affected | |
| - msgpack-numpy 0.4.8 (latest, all versions affected) | |
| - 842,000 monthly PyPI downloads | |
| - Unmaintained since July 2024 | |