Описание
vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
vllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. The function vllm.distributed.GroupCoordinator.recv_object() deserializes received object bytes using pickle.loads() without sanitization, leading to a remote code execution vulnerability.
Maintainer perspective
Note that vLLM does NOT use the code as described in the report on huntr. The problem only exists if you use these internal APIs in a way that exposes them to a network as described. The vllm team was not involved in the analysis of this report and the decision to assign it a CVE.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-9052
- https://github.com/github/advisory-database/pull/5444
- https://github.com/vllm-project/vllm/blob/32e7db25365415841ebc7c4215851743fbb1bad1/vllm/distributed/parallel_state.py#L480
- https://github.com/vllm-project/vllm/blob/v0.8.1/vllm/distributed/parallel_state.py#L457
- https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8
Пакеты
vllm
<= 0.8.1
Отсутствует
Связанные уязвимости
A flaw was found in the vLLM distributed training API. This vulnerability allows remote code execution via unsafe deserialization, which uses pickle.loads() without sanitization.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.