CVE-2024-9053

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/75a544f3-34a3-4da0-b5a3-1495cb031e09	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:vllm-project:vllm:0.6.0:*:*:*:*:*:*:*

History

29 Apr 2025, 18:14

Type	Values Removed	Values Added
CPE		cpe:2.3:a:vllm-project:vllm:0.6.0:::::::*
References	~~() https://huntr.com/bounties/75a544f3-34a3-4da0-b5a3-1495cb031e09 -~~	() https://huntr.com/bounties/75a544f3-34a3-4da0-b5a3-1495cb031e09 - Exploit, Third Party Advisory
First Time		Vllm-project Vllm-project vllm
Summary		(es) vllm-project vllm versión 0.6.0 contiene una vulnerabilidad en los puntos de entrada del servidor RPC AsyncEngineRPCServer(). La función principal, run_server_loop(), llama a la función _make_handler_coro(), que utiliza directamente cloudpickle.loads() en los mensajes recibidos sin ningún tipo de depuración. Esto puede provocar la ejecución remota de código al deserializar datos de pickle maliciosos.

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-04-29 18:14

NVD link : CVE-2024-9053

Mitre link : CVE-2024-9053

CVE.ORG link : CVE-2024-9053

JSON object : View

Products Affected

vllm-project

vllm

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-9053", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:46.327", "references": [{"url": "https://huntr.com/bounties/75a544f3-34a3-4da0-b5a3-1495cb031e09", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data."}, {"lang": "es", "value": "vllm-project vllm versi\u00f3n 0.6.0 contiene una vulnerabilidad en los puntos de entrada del servidor RPC AsyncEngineRPCServer(). La funci\u00f3n principal, run_server_loop(), llama a la funci\u00f3n _make_handler_coro(), que utiliza directamente cloudpickle.loads() en los mensajes recibidos sin ning\u00fan tipo de depuraci\u00f3n. Esto puede provocar la ejecuci\u00f3n remota de c\u00f3digo al deserializar datos de pickle maliciosos."}], "lastModified": "2025-04-29T18:14:13.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vllm-project:vllm:0.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C21B072B-4EBD-4D1A-B27A-62ED9D7D9170"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}