PyZMQ vulnerable server #129

mr-mosi · 2025-02-26T09:52:52Z

giacomo-doyensec · 2025-04-14T13:12:34Z

Hello @mr-mosi, thanks for your contribution!

While I was able to reproduce the issue using pyZMQ_exploit.py, I have a few suggestions to improve the testbed setup:

The server setup should be declared in a docker-compose file. This should be straightforward and will allow for easier reproducibility. With that in place, you can remove both setupEnv.sh and RunZmqServer.sh.
Please remove RunZmqExploit.sh and just document the commands to run the exploit under a Reproduction steps section in the README, together with an example payload command (could be a curl or just an echo to easily verify the issue).
Finally, please state explicitly that there is currently no safe version of the software. For instance, I was able to reproduce the issue on pyzmq==26.4.0 installed via pip install pyzmq.

giacomo-doyensec · 2025-04-25T12:51:36Z

Hello @mr-mosi, do you have any update on this?

mr-mosi · 2025-04-28T13:58:24Z

hello @giacomo-doyensec
thank you for reminding me about this PR.
the docker compose setup is ready now.

mrMosi added 2 commits February 26, 2025 04:49

PyZMQ vulnerable server

b0dc673

RunZmqExploit.sh is added now

467021b

mr-mosi mentioned this pull request Feb 28, 2025

AI PRP: pyZMQ deserialization RCE google/tsunami-security-scanner-plugins#608

Merged

we have docker compose setup now

35f6597

copybara-service bot merged commit 8b314fc into google:main Jul 31, 2025
3 checks passed

Provide feedback