Skip to content

Security: Nils1729/pwntools

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
latest dev
latest beta
latest stable
anything else

Reporting a Vulnerability

The aim of pwntools is exploiting software vulnerabilities, which is an unusual position, but it nevertheless can have its own security issues. Especially that an attacker (=re-victim) is usually not prepared to be attacked back (by the re-attacker).

The first question to ask yourself is: is this an actual vulnerability?

  • can it be triggered by a re-attacker (malicious honeypot pretending to be a vulnerable service)?
  • does it impact the attacker (=re-victim)?
  • is it serious?
    • availability: medium means at least exhausting RAM or disk space of the attacker (=re-victim)
    • confidentiality: medium means at least reading the filesystem of the attacker (=re-victim)
    • integrity: medium means at least performing uncontrolled actions or data corruption on behalf of the attacker (=re-victim)
    • if crucial for some sophisticated exploit chain, it is always serious
    • safe_eval bypasses are serious.
    • an example of what was kind of serious: #1732
  • can it be fixed without compromising on Pwntools' usability?

If at least one of the answers is no, then this is NOT a vulnerability, so just file a bug report or feature request, without the weird confidential disclosure dance.

Just e-mail the maintainers. Arusekk is the one that is currently the most excited to fix vulnerabilities. Or create a CTF task! Prove a point the good old hacker way!

There aren’t any published security advisories