Skip to content
/ Python3-Interpreter-Research Public

Security research/proof of concept code for analysis of the Python3 interpreter. Primarily for Layer 1 Conference, 2023.

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

natesinger/Python3-Interpreter-Research

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
1-cache-poisioning
1-cache-poisioning
 
 
2-stable-abi-overflows
2-stable-abi-overflows
 
 
3-pip3-typosquatting
3-pip3-typosquatting
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Python3-Interpreter-Research

Security research/proof of concept code for analysis of the Python3 interpreter. Prepared for the Layer 1 Security Conference in Los Angeles, California 2023.

The official slides are available here.

(CVSS_8.4) PyCache Poisoning

Bad bytecode validation leading to injecting the cache for code exec.

(CVSS_4.2) Stable ABI Overflows

Stack and Heap abuse in the ABI for wrapping C code (Numpy, etc)

(CVSS_6.5) Pip3 Typosquatting

Tests performed on Pip3 packages and the issue with limited verification.

About

Security research/proof of concept code for analysis of the Python3 interpreter. Primarily for Layer 1 Conference, 2023.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages