CVE-2022-48078

9.8 CRITICAL

📋 TL;DR

CVE-2022-48078 is a stack overflow in pycdc, a decompiler for Python bytecode, located in the BuildFromCode function of ASTree.cpp and tracked upstream as GitHub issue #295. It is triggered by decompiling a crafted bytecode (.pyc) file. The demonstrated impact is a crash of the pycdc process; arbitrary code execution is the theoretical worst case and is not shown here. Note that in sanitizer reports "stack-overflow" frequently means unbounded recursion exhausting the stack rather than an overwrite of a stack buffer, which caps the realistic impact at denial of service; confirm from the issue which it is before treating this as a code-execution bug. Anyone who runs pycdc on bytecode from untrusted sources, including automated analysis pipelines, is affected.

💻 Affected Systems

Products:
  • pycdc (Python decompiler)
Versions: pycdc at commit 44a730f3a889503014fec94ae6e62d8401cb75e5 (the commit named in the CVE record) and all earlier checkouts; pycdc has no numbered releases, so track it by commit
Operating Systems: All platforms where pycdc runs (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Only hosts where pycdc is installed and used to decompile bytecode are exposed; the bug is reached only by feeding pycdc a crafted file. The vulnerable code is the BuildFromCode function in ASTree.cpp.

📦 What is this software?

pycdc (Decompyle++) is an open-source C++ decompiler for Python bytecode (.pyc) files, developed at https://github.com/zrax/pycdc. It is used to recover readable source from compiled Python modules, including bytecode extracted from packaged or obfuscated applications, which is exactly the situation in which the input cannot be trusted.

⚠️ Risk & Real-World Impact

🔴 Worst Case: code execution with the privileges of the pycdc process, should the overflow prove to be an exploitable memory corruption rather than plain stack exhaustion. Full system compromise follows only if pycdc runs with elevated privileges, and the bug is reachable remotely only where pycdc sits behind a service that accepts uploaded bytecode.

🟠 Likely Case: crash of the pycdc process (denial of service) on a crafted bytecode file; in a batch pipeline the job dies and nothing queued after that file is processed.

🟢 If Mitigated: limited impact if pycdc runs as an unprivileged user in a sandbox with resource limits and only processes bytecode from trusted sources.

🌐 Internet-Facing: MEDIUM - pycdc is a developer and reverse-engineering tool, not a network service, but any web application or analysis service that accepts bytecode uploads and decompiles them with pycdc exposes the bug to anonymous input.
🏢 Internal Only: MEDIUM - analysts and developers who run pycdc on bytecode of unknown origin (malware samples, third-party packages) are affected; the tool is not normally deployed in production.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: Not known. The public PoC is the reproducer in the GitHub issue; no exploit achieving code execution is referenced here.
Unauthenticated Exploit: ⚠️ Yes, in the sense that no authentication is involved: the only precondition is that pycdc processes the attacker's file.
Complexity: LOW

The GitHub issue contains the technical details and the proof-of-concept input. Exploitation consists of getting a crafted Python bytecode file in front of pycdc, for example as an uploaded sample or as a package someone decides to decompile.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: pycdc has no numbered releases. Build from a commit that includes the fix for issue #295; a checkout that is merely later than 44a730f3a889503014fec94ae6e62d8401cb75e5 does not by itself contain a fix, so confirm the fixing commit on the issue page.

Upstream Issue (no separate vendor advisory): https://github.com/zrax/pycdc/issues/295

Restart Required: No

Instructions:

1. Update the pycdc checkout to a commit that includes the fix (git pull from the official GitHub repository).
2. Rebuild; pycdc is distributed as source and built with CMake.
3. Replace every installed pycdc binary with the new build, including copies bundled into analysis toolchains and container images.

🔧 Temporary Workarounds

Restrict pycdc usage (all platforms)

Only decompile bytecode from verified sources, for example files whose hashes you have recorded beforehand, and treat anything uploaded by users or extracted from samples as hostile.

Run with reduced privileges (Linux)

Execute pycdc as a dedicated unprivileged user to limit what a successful exploit could reach. sudo -u alone does not bound CPU or memory, so pair it with a timeout and resource limits (ulimit, a container, or a systemd unit) so a crashing or runaway decompile cannot affect the host.

sudo -u lowprivilegeuser pycdc [options]

🧯 If You Can't Patch

  • Discontinue use of pycdc for decompiling untrusted bytecode files
  • Implement strict input validation and sandboxing for any pycdc execution
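The two workarounds above (trusted inputs only, reduced privileges) and the sandboxing advice in this list can be combined in one wrapper. The following is an added example written for this page, not code from pycdc; it assumes a POSIX host and takes the pycdc command as a parameter. It rejects empty, oversized, or non-allowlisted inputs, runs the child under CPU, memory, and output-size limits with a wall-clock timeout, and reports a crash (signal) separately from an ordinary failure so that a crashing input can be quarantined rather than retried.

```python
"""Sandboxed runner for decompiling untrusted Python bytecode with pycdc.

Hypothetical wrapper (not part of pycdc). Assumes a POSIX host with pycdc on
PATH or passed in explicitly. The limits contain a crashing or runaway
decompile; they are not a fix for the overflow itself.
"""
import hashlib
import os
import resource
import signal
import subprocess
import sys
import tempfile

MAX_INPUT_BYTES = 8 * 1024 * 1024            # refuse implausibly large .pyc files
MAX_OUTPUT_BYTES = 64 * 1024 * 1024          # RLIMIT_FSIZE: cap what the child can write
MAX_ADDRESS_SPACE = 2 * 1024 * 1024 * 1024   # RLIMIT_AS: cap child memory
MAX_CPU_SECONDS = 30                         # RLIMIT_CPU: kill a spinning decompile


def _cap(limit, wanted):
    """Lower the soft limit to `wanted` without exceeding the hard limit."""
    _soft, hard = resource.getrlimit(limit)
    if hard != resource.RLIM_INFINITY:
        wanted = min(wanted, hard)
    try:
        resource.setrlimit(limit, (wanted, hard))
    except (ValueError, OSError):
        pass  # limit unsupported on this platform; the others still apply


def _drop_resources():
    """Runs in the child between fork() and exec()."""
    _cap(resource.RLIMIT_CPU, MAX_CPU_SECONDS)
    _cap(resource.RLIMIT_AS, MAX_ADDRESS_SPACE)
    _cap(resource.RLIMIT_FSIZE, MAX_OUTPUT_BYTES)


def run_pycdc_sandboxed(pyc_path, pycdc_cmd=("pycdc",), allowed_sha256=None, timeout=60):
    """Decompile one file under resource limits and a wall-clock timeout.

    Returns {"status": ..., "detail": ...} with status one of
    rejected | ok | failed | crashed | timeout. `allowed_sha256` is an optional
    allowlist of input hashes (the "only trusted files" workaround).
    """
    if not os.path.isfile(pyc_path):
        return {"status": "rejected", "detail": "not a regular file"}
    size = os.path.getsize(pyc_path)
    if size == 0 or size > MAX_INPUT_BYTES:
        return {"status": "rejected", "detail": f"size {size} outside 1..{MAX_INPUT_BYTES}"}
    if allowed_sha256 is not None:
        with open(pyc_path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        if digest not in allowed_sha256:
            return {"status": "rejected", "detail": f"sha256 {digest} not allowlisted"}
    try:
        proc = subprocess.run([*pycdc_cmd, pyc_path], capture_output=True,
                              timeout=timeout, preexec_fn=_drop_resources)
    except subprocess.TimeoutExpired:
        return {"status": "timeout", "detail": f"killed after {timeout}s"}
    if proc.returncode < 0:  # terminated by a signal: SIGSEGV for the overflow, SIGXCPU for the CPU cap
        try:
            name = signal.Signals(-proc.returncode).name
        except ValueError:
            name = str(-proc.returncode)
        return {"status": "crashed", "detail": f"killed by {name}"}
    if proc.returncode != 0:
        return {"status": "failed", "detail": proc.stderr.decode(errors="replace")[:200]}
    return {"status": "ok", "detail": proc.stdout.decode(errors="replace")}


def self_check():
    """Exercise each outcome with stub commands standing in for pycdc.

    The sample file is constructed placeholder bytes, not real bytecode.
    Returns the status observed for each scenario.
    """
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "constructed_sample.pyc")
    with open(sample, "wb") as fh:
        fh.write(b"\x00" * 64)
    py = sys.executable
    crash = "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"
    results = {
        "ok": run_pycdc_sandboxed(sample, (py, "-c", "pass"))["status"],
        "crashed": run_pycdc_sandboxed(sample, (py, "-c", crash))["status"],
        "timeout": run_pycdc_sandboxed(sample, (py, "-c", "import time; time.sleep(30)"),
                                       timeout=2)["status"],
        "rejected": run_pycdc_sandboxed(sample, (py, "-c", "pass"),
                                        allowed_sha256={"0" * 64})["status"],
    }
    os.remove(sample)
    os.rmdir(workdir)
    return results


if __name__ == "__main__":
    print(self_check())
```

For a real deployment call `run_pycdc_sandboxed("/path/to/file.pyc")` from the unprivileged account, or with `pycdc_cmd=("sudo", "-u", "lowprivilegeuser", "pycdc")`. A `crashed` result is the signal to keep the input for triage and not to retry it.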

🔍 How to Verify

Check if Vulnerable:

Identify the commit your pycdc binary was built from. If the checkout is at commit 44a730f3a889503014fec94ae6e62d8401cb75e5 or an earlier one, you are vulnerable.

Check Version:

pycdc has no numbered releases, so check the git commit hash in the source directory the binary was built from (pycdc --version only where your build provides such a flag).

Verify Fix Applied:

Confirm with git log that the checkout is later than commit 44a730f3a889503014fec94ae6e62d8401cb75e5 and that the fixing commit for issue #295 is among the commits since then; being later than the vulnerable commit is necessary but not sufficient.
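The ancestry check above is easy to get backwards by hand, so here is an added helper (written for this page, not part of pycdc) that classifies a checkout with git's own ancestry test. It assumes git is installed and that the binary in use was built from the checkout you point it at. `git merge-base --is-ancestor A B` exits 0 when A is B or an ancestor of B, which gives a clean three-way answer; the `demo_repo_check` function builds a throwaway two-commit repository to show each answer without needing a clone of pycdc.

```python
"""Classify a pycdc checkout against the commit named in CVE-2022-48078.

Hypothetical helper (not part of pycdc). Assumes git is installed and that the
pycdc binary was built from the checkout you point it at.
"""
import os
import subprocess
import sys
import tempfile

VULN_COMMIT = "44a730f3a889503014fec94ae6e62d8401cb75e5"  # from the CVE record


def _git(repo, *args):
    """Run git inside `repo`; returns (exit_code, stdout)."""
    try:
        p = subprocess.run(["git", "-C", repo, *args], capture_output=True, text=True)
    except FileNotFoundError:  # git not installed
        return 127, ""
    return p.returncode, p.stdout.strip()


def pycdc_checkout_status(repo, vuln_commit=VULN_COMMIT):
    """Returns one of:
      "vulnerable"       HEAD is the vulnerable commit or an ancestor of it
      "later-than-vuln"  HEAD descends from it; inspect commits_since() for the
                         fix of issue #295 before calling the build patched
      "unknown"          not a git repo, git missing, or commit not in this clone
    """
    if _git(repo, "rev-parse", "--verify", "HEAD")[0] != 0:
        return "unknown"
    if _git(repo, "cat-file", "-e", f"{vuln_commit}^{{commit}}")[0] != 0:
        return "unknown"
    # merge-base --is-ancestor A B exits 0 iff A is B or an ancestor of B
    if _git(repo, "merge-base", "--is-ancestor", "HEAD", vuln_commit)[0] == 0:
        return "vulnerable"
    if _git(repo, "merge-base", "--is-ancestor", vuln_commit, "HEAD")[0] == 0:
        return "later-than-vuln"
    return "unknown"  # diverged histories, e.g. a fork whose line never contained the commit


def commits_since(repo, vuln_commit=VULN_COMMIT):
    """One-line summaries of the commits after the vulnerable one (newest first).
    Look for the fix of issue #295 in this list."""
    code, out = _git(repo, "log", "--oneline", f"{vuln_commit}..HEAD")
    return out.splitlines() if code == 0 else []


def demo_repo_check():
    """Build a throwaway two-commit repo standing in for a pycdc clone and
    classify HEAD at each commit against the first one. Returns None when git
    is unavailable, so callers can skip rather than fail."""
    repo = tempfile.mkdtemp()
    if _git(repo, "init", "-q")[0] != 0:
        return None
    ident = ["-c", "user.name=demo", "-c", "user.email=demo@example.invalid",
             "-c", "commit.gpgsign=false"]
    commits = []
    for n in (1, 2):
        with open(os.path.join(repo, "ASTree.cpp"), "a") as fh:
            fh.write(f"// constructed revision {n}\n")
        _git(repo, "add", "ASTree.cpp")
        _git(repo, *ident, "commit", "-q", "-m", f"revision {n}")
        commits.append(_git(repo, "rev-parse", "HEAD")[1])
    vuln = commits[0]  # treat the first commit as the "vulnerable" one
    results = {
        "at_head": pycdc_checkout_status(repo, vuln),
        "since_vuln": len(commits_since(repo, vuln)),
    }
    _git(repo, "checkout", "-q", vuln)  # detached HEAD at the vulnerable commit
    results["at_vuln"] = pycdc_checkout_status(repo, vuln)
    results["missing"] = pycdc_checkout_status(repo, "0" * 40)
    return results


if __name__ == "__main__":
    repo = sys.argv[1] if len(sys.argv) > 1 else "."
    print(pycdc_checkout_status(repo))
    for line in commits_since(repo):
        print("  ", line)
```

Run it as `python check_pycdc.py /path/to/pycdc` and treat only a `later-than-vuln` result whose `commits_since` output contains the #295 fix as patched.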

📡 Detection & Monitoring

Log Indicators:

  • Kernel segfault entries naming pycdc, of the form "pycdc[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> in pycdc[...]"; a fault address adjacent to sp points at stack exhaustion rather than a wild pointer
  • systemd-coredump entries of the form "Process <pid> (pycdc) of user <uid> dumped core", and on Windows Application Error / Windows Error Reporting events (Event ID 1000/1001) for pycdc.exe

Network Indicators:

  • Unusual network connections originating from pycdc processes if RCE is achieved

SIEM Query:

Process:name='pycdc' AND (EventID=1000 OR EventID=1001) OR Process:name='pycdc' AND Network:outbound=true

Pseudo-syntax; adapt to your SIEM. Event IDs 1000 and 1001 are the Windows Application Error and Windows Error Reporting events, so on Linux hosts substitute the kernel segfault and systemd-coredump messages listed above as the crash source. Any outbound connection from a pycdc process is anomalous on its own, since the tool has no reason to talk to the network.
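The Linux half of that query, run over raw log lines, as an added example written for this page (not from pycdc or any SIEM vendor). It parses the kernel segfault format and the systemd-coredump message, decodes the x86 page-fault error code the kernel prints, and flags faults whose address lies within a small window of the stack pointer, which is what stack exhaustion looks like; the window size is a heuristic. The four log lines are constructed for the example, not captured from an incident.

```python
"""Pull pycdc crash evidence out of Linux logs (kernel segfault lines and
systemd-coredump entries) and flag faults that look like stack exhaustion.

Hypothetical detection helper, not from pycdc or any SIEM vendor. The sample
log lines below are constructed for the example, not captured from an incident.
"""
import re

# Kernel format: "<comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> in <obj>[<base>+<size>]"
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)(?: in (?P<obj>\S+))?"
)
# systemd-coredump format: "Process <pid> (<comm>) of user <uid> dumped core."
COREDUMP_RE = re.compile(r"Process (?P<pid>\d+) \((?P<comm>[^)]+)\) of user (?P<uid>\d+) dumped core")

# A fault this close to the stack pointer is the signature of the stack running
# into its guard region (deep recursion), as opposed to a wild pointer. Heuristic.
STACK_WINDOW = 0x10000


def decode_error(err):
    """Decode the x86 page-fault error code the kernel prints after 'error':
    bit 0 = page present (protection fault), bit 1 = write, bit 2 = user mode."""
    mode = "user" if err & 4 else "kernel"
    op = "write to" if err & 2 else "read from"
    page = "protected page" if err & 1 else "unmapped page"
    return f"{mode} {op} {page}"


def pycdc_crash_events(lines, comm="pycdc"):
    """Return one event per segfault of `comm`, with a flag for whether a core
    dump for the same pid was also logged (useful for triage)."""
    events, dumped_pids = [], set()
    for line in lines:
        m = SEGFAULT_RE.search(line)
        if m and m.group("comm") == comm:
            addr, sp = int(m.group("addr"), 16), int(m.group("sp"), 16)
            events.append({
                "pid": int(m.group("pid")),
                "addr": addr,
                "sp": sp,
                "access": decode_error(int(m.group("err"))),
                "object": m.group("obj"),
                "stack_adjacent": abs(addr - sp) <= STACK_WINDOW,
                "core_dumped": False,
                "line": line,
            })
            continue
        m = COREDUMP_RE.search(line)
        if m and m.group("comm") == comm:
            dumped_pids.add(int(m.group("pid")))
    for ev in events:
        ev["core_dumped"] = ev["pid"] in dumped_pids
    return events


# Constructed sample: one stack-adjacent pycdc fault with a core dump, an
# unrelated python3 crash, and a pycdc null-pointer style fault without a core.
SAMPLE_LOG = """\
Mar  3 10:12:01 host kernel: [12345.678901] pycdc[4242]: segfault at 7ffd8b1f2ff8 ip 000055c0f9a3e1b0 sp 00007ffd8b1f3000 error 6 in pycdc[55c0f9a00000+6a000]
Mar  3 10:12:01 host systemd-coredump[4250]: Process 4242 (pycdc) of user 1000 dumped core.
Mar  3 10:13:40 host kernel: [12444.000000] python3[5100]: segfault at 0 ip 00007f0c1d2a1e40 sp 00007ffc0a3d2d40 error 4 in libpython3.11.so.1.0[7f0c1d100000+2c0000]
Mar  3 10:15:00 host kernel: [12524.000000] pycdc[4300]: segfault at 10 ip 000055c0f9a41a2c sp 00007ffe3e8c7a10 error 4 in pycdc[55c0f9a00000+6a000]
"""


if __name__ == "__main__":
    for ev in pycdc_crash_events(SAMPLE_LOG.splitlines()):
        kind = "stack exhaustion?" if ev["stack_adjacent"] else "other fault"
        print(f'pid {ev["pid"]}: {kind}; {ev["access"]}; core={ev["core_dumped"]}')
```

Feed it `journalctl -k` or `/var/log/kern.log` lines in production; a `stack_adjacent` event with `core_dumped` set is the case to pull the core and the input file for analysis.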

🔗 References

  • Upstream issue with the reproducer: https://github.com/zrax/pycdc/issues/295
  • NVD record: https://nvd.nist.gov/vuln/detail/CVE-2022-48078
