shared × unstructured — bad data written permanently, and it spreads

Untrusted Deserialization Across a Boundary

Deserializing bytes that crossed a trust boundary turns a payload into live objects.

01 the recipe

In the wild

example.py
import json
import pickle
# sock: a connected socket to an untrusted peer; Record and validate are the
# application's own record type and shape check (defined elsewhere).

# SMELL: deserialize bytes that crossed a trust boundary.
# (file-network-access x insecure-deserialization)
data = pickle.loads(sock.recv(4096))   # attacker-controlled bytes ->
                                       # arbitrary objects / code on load

# RIGHT: use a data-only format and validate the result.
data = json.loads(sock.recv(4096))     # no code execution on parse
record = Record(**validate(data))      # then check the shape

Untrusted input (unstructured) arriving over the network (shared boundary) executes during load. The corruption is the foreign object graph now inside your process.
// observed
pickle: a crafted payload runs code during load
json:   inert data; validated before use
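A runnable version of the RIGHT side, added here as an example and not taken from the page's own code: the JSON path is parsed and shape-checked before it becomes a Record, and for comparison a restricted Unpickler that refuses every class reference shows how a pickle carrying a foreign object graph is rejected before anything is instantiated. Record, validate and the sample payloads are constructed for this example.

```python
import collections
import io
import json
import pickle
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str
    count: int


def validate(obj):
    """Shape-check parsed JSON before it is turned into a Record."""
    if not isinstance(obj, dict) or set(obj) != {"name", "count"}:
        raise ValueError("unexpected shape")
    if not isinstance(obj["name"], str):
        raise ValueError("name must be a string")
    # bool is a subclass of int, so exclude it explicitly
    if not isinstance(obj["count"], int) or isinstance(obj["count"], bool):
        raise ValueError("count must be an integer")
    return obj


def load_json_record(raw: bytes) -> Record:
    """Data-only parse, then validation: no code runs during json.loads."""
    return Record(**validate(json.loads(raw)))


class NoGlobalsUnpickler(pickle.Unpickler):
    """Refuses to resolve any module.class reference in the stream, so the
    payload can only build builtin containers and scalars, never reach a
    callable of the sender's choosing."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_pickle_restricted(raw: bytes):
    return NoGlobalsUnpickler(io.BytesIO(raw)).load()


def rejects(loader, raw: bytes) -> bool:
    """True if the loader refuses the payload with a validation/unpickling error."""
    try:
        loader(raw)
    except (ValueError, pickle.UnpicklingError):
        return True
    return False


# constructed sample payloads
GOOD_JSON = b'{"name": "widget", "count": 3}'
EXTRA_FIELD_JSON = b'{"name": "widget", "count": 3, "extra": 1}'
PLAIN_PICKLE = pickle.dumps({"name": "widget", "count": 3})
GLOBAL_PICKLE = pickle.dumps(collections.OrderedDict(name="widget"))
```

Run it on a real socket by substituting sock.recv(4096) for the sample bytes; the unpickler subclass is the mitigation the Python pickle documentation describes and is shown only to make the contrast with json.loads concrete.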
02 weakness catalog

Mapped weaknesses (CWE)

On its own, this defect is catalogued by MITRE as one or more of these weaknesses. The exploitable vulnerability usually appears only when it chains or combines with another.