| Title | lm-sys FastChat v0.2.3 to v0.2.36 Deserialization |
|---|---|
| Description | FastChat is a platform for training, serving, and evaluating Large Language Models (LLMs). In the codebase of FastChat, specifically in the file fastchat/model/apply_delta.py at lines L37, L90, L97, and L102, the torch.load function is used in a dangerous way. When torch.load is used to load pickle data without the weights_only=True parameter, it can execute arbitrary code during the deserialization process. If an attacker manages to supply malicious pickle data to the torch.load calls in these lines, they can potentially take control of the system, leading to unauthorized access, data leakage, or other security-related issues. More details: https://github.com/lm-sys/FastChat/issues/3713 |
| Source | https://github.com/lm-sys/FastChat/issues/3713 |
| User | ybdesire (UID 83239) |
| Submission | 04/07/2025 04:24 PM (1 year ago) |
| Moderation | 04/16/2025 03:03 AM (8 days later) |
| Status | Accepted |
| VulDB entry | 304966 [lm-sys fastchat up to 0.2.36 apply_delta.py split_files/apply_delta_low_cpu_mem deserialization] |
| Points | 20 |