GHSA-mxhj-88fx-4pcv: Fickling: OBJ opcode call invisibility bypasses all safety checks
Summary
Fickling, a tool for safely analyzing pickle files (Python's serialization format), has a critical vulnerability: the OBJ opcode (an instruction that instantiates a class by calling it) can execute dangerous code without being detected by any of Fickling's safety checks. The root cause is that OBJ pushes the result of the call directly onto the interpreter's stack instead of recording the call in the analysis structure (the AST, or abstract syntax tree, which represents the code's structure). When that result is then discarded, the malicious call never appears in the AST and is therefore invisible to all of the safety analysis.
Solution / Mitigation
The vulnerability is described as "a single missing `new_variable()` call in `Obj.run()` (`fickle.py:1333-1350`)." The source indicates that REDUCE opcodes correctly persist calls to the AST using `interpreter.new_variable(call)`, and OBJ should follow the same pattern. The assessment section mentions a commit (https://github.com/trailofbits/fickling/commit/ff423dade2bb1f72b2b48586c022fac40cbd9a4a) that updates "the interpreter so it behaves closer to CPython when dealing with `OBJ`, `NEWOBJ`, and `NEWOBJ_EX` opcodes," suggesting this addresses the fix, though the exact patched version is not explicitly stated in the source.
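As an added detection example (not Fickling's code, and not the fix described above), the following scanner avoids the "discarded result" blind spot entirely by walking the raw opcode stream with `pickletools.genops` and flagging every call-capable opcode (OBJ, INST, NEWOBJ, NEWOBJ_EX, REDUCE, BUILD) and every GLOBAL/STACK_GLOBAL reference, whether or not the result is used; nothing is unpickled. The sample pickles are constructed for this example and the callable they reference (`collections.OrderedDict`) is harmless.

```python
"""Opcode-level scan for call-capable pickle opcodes (added example)."""
import pickle
import pickletools

# Opcodes that invoke a callable or reach into an object's state. These are
# flagged on sight, independent of what happens to the result afterwards.
CALL_OPCODES = {"OBJ", "INST", "NEWOBJ", "NEWOBJ_EX", "REDUCE", "BUILD"}
# Opcodes that resolve a module.name reference feeding such a call.
GLOBAL_OPCODES = {"GLOBAL", "STACK_GLOBAL"}


def scan_pickle(data: bytes) -> dict:
    """Return {'calls': [(pos, name, arg)], 'globals': [(pos, name, arg)]}.

    pos is the byte offset of the opcode; arg is the decoded operand
    (for GLOBAL it is 'module name', for STACK_GLOBAL it is None).
    """
    report = {"calls": [], "globals": []}
    for opcode, arg, pos in pickletools.genops(data):
        if opcode.name in CALL_OPCODES:
            report["calls"].append((pos, opcode.name, arg))
        elif opcode.name in GLOBAL_OPCODES:
            report["globals"].append((pos, opcode.name, arg))
    return report


def is_suspicious(data: bytes) -> bool:
    """True if any call-capable opcode or global reference is present."""
    report = scan_pickle(data)
    return bool(report["calls"] or report["globals"])


# Constructed protocol-0 sample: MARK, GLOBAL collections.OrderedDict, OBJ
# (call the class), POP (discard the result), NONE, STOP. The unpickled value
# would be None, yet the OBJ call is still reported.
OBJ_DISCARDED = b"(ccollections\nOrderedDict\no0N."

# Constructed benign sample: a plain dict, no callable involved.
PLAIN_DICT = pickle.dumps({"a": 1}, protocol=0)

if __name__ == "__main__":
    for label, blob in (("obj_discarded", OBJ_DISCARDED), ("plain_dict", PLAIN_DICT)):
        verdict = "SUSPICIOUS" if is_suspicious(blob) else "clean"
        print(label, verdict, scan_pickle(blob))
```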
Original source: https://github.com/advisories/GHSA-mxhj-88fx-4pcv
First tracked: February 24, 2026 at 07:00 PM
Classified by LLM (prompt v3) · confidence: 95%