@hexian2001
Created October 24, 2024 15:36
CVE-2024-48206
## CVE-2024-48206: Deserialization of Untrusted Data in Chainer’s Chainermn
### Description
A vulnerability in Chainer v7.8.1.post1 allows for the deserialization of untrusted data, leading to the execution of arbitrary code. The issue is located in the `chainermn` module, specifically in the communication utility component responsible for handling data exchange between nodes in a distributed system. This vulnerability can be exploited remotely by sending specially crafted serialized payloads that, when deserialized, can execute arbitrary commands.
### Vulnerability Type
- CWE-502: Deserialization of Untrusted Data
### Affected Product Code Base
- Chainer v7.8.1.post1 (https://github.com/chainer/chainer)
### Affected Component
- `chainermn/communicators/_communication_utility.py` (https://github.com/chainer/chainer/blob/a8e15cbe55a90854a3918b8b5a976abbbff9ec94/chainermn/communicators/_communication_utility.py#L171)
### Attack Type
- Remote
### Impact
- Code Execution
### Attack Vectors
Exploitation occurs through the deserialization of untrusted data within the communication utility of Chainer’s `chainermn` module. Attackers can craft payloads that, when processed by the vulnerable function, result in code execution.
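An added example, not code from this gist or from Chainer: assuming the serialization in question is Python's `pickle` (the page does not name the format), it shows that loading a peer's bytes invokes a callable chosen by the sender, and how an allow-list `Unpickler` rejects such a message. `ALLOWED_GLOBALS`, `safe_loads` and `CallsOnLoad` are hypothetical names, and the sample messages are constructed.

```python
import io
import operator
import pickle

# Hypothetical allow-list: the only globals a received message may reference.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not explicitly allow-listed."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(data: bytes):
    """Deserialize bytes received from a peer under the allow-list."""
    return AllowListUnpickler(io.BytesIO(data)).load()


class CallsOnLoad:
    """Constructed sample: unpickling invokes the callable named in __reduce__."""

    def __reduce__(self):
        return (operator.add, (1, 2))  # harmless stand-in for any callable


def demo():
    # Constructed messages: one plain container, one that calls on load.
    plain = pickle.dumps({"rank": 0, "shape": [2, 3]})
    crafted = pickle.dumps(CallsOnLoad())
    results = {
        "plain": safe_loads(plain),
        "unsafe_crafted": pickle.loads(crafted),  # callable ran during load
    }
    try:
        safe_loads(crafted)
        results["safe_crafted"] = "loaded"
    except pickle.UnpicklingError as exc:
        results["safe_crafted"] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

An allow-list narrows what a received pickle may reference; the stronger mitigation is to keep pickle off any channel that an untrusted peer can write to.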
### Reference
- [Chainer’s Chainermn MPI Deserialization Vulnerability](https://rumbling-slice-eb0.notion.site/chainer-s-chainermn-has-MPI-Deserialization-vulnerability-in-chainer-chainer-c6a004feb53a447e8fb440968d73d6fd?pvs=4)
### Discoverer
- HRP, Aftersnow, Gxh