Ella Rose’s entry to the 2017 Underhanded Crypto Contest is an AEAD (authenticated encryption with associated data) encryption library written in Python. The crypto code itself is fine and bug-free, but the ciphertext is built using Python’s pickle format. Decoding untrusted pickles is well-known to enable remote-code-execution attacks. So, even though the logical ciphertext itself is protected from tampering with an HMAC, the pickle is not, and an attacker can modify the encoded ciphertext to execute arbitrary code when someone tries to decrypt it. I like this entry: it’s totally possible that the pickle encoding/decoding would be marked “out of scope” in an audit, and the high-severity bug would go unnoticed.
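The fix the entry's design calls for is to authenticate the whole encoded blob and to parse it with a fixed, data-only layout rather than pickle. The code below is an added illustration, not Ella Rose's submission: the `MAGIC` header, the length-prefixed layout and the HMAC-SHA256 counter-mode keystream are constructed stand-ins for whatever the entry actually used, and the MAC is checked over every byte before a single field is interpreted.

```python
import hashlib
import hmac
import secrets
import struct

MAGIC = b"UCC1"   # constructed 4-byte format header, not from the contest entry
NONCE_LEN = 16
TAG_LEN = 32      # HMAC-SHA256 output length
HDR_LEN = len(MAGIC) + NONCE_LEN + 8  # magic || nonce || aad_len(4) || ct_len(4)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode. It replaces the
    # entry's cipher, which this example does not reproduce.
    out = bytearray()
    for block in range(-(-length // 32)):
        out += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt(key_enc: bytes, key_mac: bytes, plaintext: bytes, aad: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key_enc, nonce, len(plaintext))))
    # Explicit length-prefixed wire format: parsing it never executes code.
    body = MAGIC + nonce + struct.pack(">II", len(aad), len(ct)) + aad + ct
    # The tag covers the header and lengths too, so the wrapper is authenticated,
    # not only the logical ciphertext.
    return body + hmac.new(key_mac, body, hashlib.sha256).digest()


def decrypt(key_enc: bytes, key_mac: bytes, blob: bytes, aad: bytes) -> bytes:
    if len(blob) < HDR_LEN + TAG_LEN:
        raise ValueError("truncated blob")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # Verify before interpreting anything beyond the fixed tag position.
    if not hmac.compare_digest(hmac.new(key_mac, body, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    if body[:len(MAGIC)] != MAGIC:
        raise ValueError("bad header")
    nonce = body[len(MAGIC):len(MAGIC) + NONCE_LEN]
    aad_len, ct_len = struct.unpack(">II", body[len(MAGIC) + NONCE_LEN:HDR_LEN])
    if HDR_LEN + aad_len + ct_len != len(body):
        raise ValueError("length fields disagree with blob size")
    if body[HDR_LEN:HDR_LEN + aad_len] != aad:
        raise ValueError("associated data mismatch")
    ct = body[HDR_LEN + aad_len:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(key_enc, nonce, ct_len)))
```

Flipping any byte of the blob, including the header bytes that a pickle-based design would have left unprotected, fails the `compare_digest` check before the parser touches it.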
You can find Ella Rose’s entire submission in the archive.