DeepDiff is a Python library designed for deep difference detection and searching within Python data structures. Between versions 5.0.0 and prior to 8.6.2, DeepDiff uses a custom pickle unpickler called _RestrictedUnpickler to safely deserialize data by restricting which classes can be loaded. However, while it restricts class types, it does not limit the size or content of constructor arguments for these classes. Some allowed classes, such as builtins.bytes, builtins.list, and builtins.range, have constructors that allocate memory proportional to their input size. An attacker can exploit this by crafting a malicious pickle payload as small as 40 bytes that, when deserialized, causes the application to allocate excessive memory (10+ GB). This uncontrolled resource consumption leads to denial of service via application crashes or system instability. The vulnerability is tracked as CWE-400 (Uncontrolled Resource Consumption) and has a CVSS 4.0 base score of 8.7, indicating high severity. Exploitation requires no privileges, no user interaction, and can be performed remotely by supplying malicious pickle data to affected deepdiff functions such as pickle_load. No known exploits are reported in the wild yet. The issue was patched in deepdiff version 8.6.2 by presumably adding limits on constructor argument sizes or improving deserialization safety.

This vulnerability can cause denial of service conditions in applications using vulnerable versions of deepdiff by exhausting system memory resources. Organizations that rely on deepdiff for data comparison or processing, especially those that deserialize pickle data from untrusted or external sources, face risks of application crashes, degraded performance, or complete service outages. This can disrupt business operations, cause downtime, and potentially lead to cascading failures in dependent systems. Since exploitation requires no authentication or user interaction, any exposed service or interface that processes pickle data with deepdiff is at risk. The impact is especially critical in environments with limited memory resources or where high availability is required. Additionally, attackers could leverage this vulnerability as part of multi-stage attacks to degrade defenses or distract incident response teams.

1. Upgrade all instances of deepdiff to version 8.6.2 or later, where the vulnerability is patched. 2. Avoid deserializing pickle data from untrusted or unauthenticated sources, as pickle inherently carries security risks. 3. Implement strict input validation and size limits on any data passed to deepdiff's deserialization functions. 4. Use alternative serialization formats that are safer and less prone to resource exhaustion, such as JSON or protobuf, when possible. 5. Employ runtime resource monitoring and limits (e.g., memory quotas, container limits) to detect and contain abnormal resource usage. 6. Review and harden any APIs or services that accept serialized data to ensure they do not expose deepdiff deserialization functionality to untrusted users. 7. Conduct code audits and penetration testing focusing on deserialization logic to identify similar risks. 8. Maintain up-to-date dependency management and vulnerability scanning to promptly detect and remediate such issues.