The Whirlpool hash implementation in openssl_encrypt/modules/registry/hash_registry.py at lines 570-589 uses glob patterns to find .so modules in site-packages and loads the first match via importlib without verifying module integrity.
for site_pkg in site.getsitepackages():
pattern = os.path.join(site_pkg, "whirlpool*py313*.so")
py313_modules = glob.glob(pattern)
if py313_modules:
module_path = py313_modules[0] # Takes first match
loader = ExtensionFileLoader("whirlpool", module_path)
spec = importlib.util.spec_from_file_location("whirlpool", module_path, loader=loader)
whirlpool_module = importlib.util.module_from_spec(spec)
spec.loader.exec_module(whirlpool_module)
The glob pattern "whirlpool*py313*.so" is broad and takes the first match without verifying:
- File hash/signature
- File ownership/permissions
- Whether it's a legitimate module
If an attacker can place a malicious .so file matching this pattern in any site-packages directory, it will be loaded and native code executed.
Fixed in commit 963d0d1 on branch releases/1.4.x — added os.path.realpath() to resolve symlinks and validation that found .so files are within known site-packages directories before loading.
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 6.6 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-j48q-4c78-rhf9 ↗ |
| CWE id | Name |
|---|---|
| CWE-427 | Uncontrolled Search Path Element |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| pip | openssl-encrypt | < 1.4.0 | 1.4.0 | — |