Vulnerability Information
Vulnerability Title
picklescan ZIP archive manipulation attack leads to crash
Vulnerability Description
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP local file header while keeping the original filename in the central directory listing, an attacker can make picklescan raise a BadZipFile error and abort the scan. PyTorch's more forgiving ZIP implementation still loads the same model, so malicious payloads inside it bypass detection.
CVSS Information
N/A
Vulnerability Type
Insufficient verification of data authenticity
Vulnerability Title
picklescan data forgery vulnerability
Vulnerability Description
picklescan is a security scanner developed by the individual developer Matthieu Maitre. picklescan versions before 0.0.23 contain a data forgery vulnerability: manipulation of a ZIP file can cause the scanner to crash, allowing malicious payloads to bypass detection.
CVSS Information
N/A
Vulnerability Type
N/A