Наталя Хандусенко
27 January 2025, 13:23
A vulnerability has been discovered in Meta's Llama framework that exposes AI systems to risks of remote code execution
A critical vulnerability has been discovered in Meta's Llama large language model framework that could allow an attacker to execute arbitrary code on the llama-stack server.
The vulnerability, tracked as CVE-2024-50050, has a CVSS score of 6.3 out of 10.0. Snyk, on the other hand, has given it a critical severity rating of 9.3, The Hacker News reports.
“Affected versions of meta-llama are vulnerable to untrusted data deserialization, meaning an attacker could execute arbitrary code by sending malicious deserialized data,” cloud security company Oligo Security said in an analysis.
The flaw, according to the company, lies in the Llama Stack component, which defines a set of APIs for developing artificial intelligence (AI) applications, including using Meta's own Llama models.
The vulnerability occurs due to the use of the Python pickle library, which can lead to arbitrary code execution when loading malicious data.
When a ZeroMQ socket is exposed over the network, attackers can exploit this vulnerability by sending malicious objects to the socket. Since recv_pyobj unpickles these objects, the attacker can achieve arbitrary code execution on the vulnerable host.
The vulnerability was responsibly disclosed on September 24, 2024. Meta patched the vulnerability on October 10 in version 0.0.41. It was also patched in pyzmq, the Python library that provides access to ZeroMQ.
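The receive path described above can be hardened on the defender's side in two ways, sketched in this added example (not code from Meta, pyzmq or the original article): parse the raw frame as JSON and validate it, or, where pickle cannot be removed, refuse every name lookup during unpickling. The schema, function names and sample frames are assumptions made for illustration; with pyzmq the raw frame would come from `socket.recv()` instead of `recv_pyobj()`.

```python
import io
import json
import pickle

# Hypothetical request schema for this example: field name -> required type.
SCHEMA = {"model": str, "prompt": str, "max_tokens": int}

class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every module/attribute lookup a pickle asks for."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def restricted_loads(frame: bytes):
    """Load a pickle that may contain only plain data (dict, list, str, int...)."""
    return NoGlobalsUnpickler(io.BytesIO(frame)).load()

def decode_request(frame: bytes) -> dict:
    """Parse a raw frame (as returned by socket.recv()) as JSON and validate it."""
    try:
        msg = json.loads(frame.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("frame is not valid JSON") from exc
    if not isinstance(msg, dict) or set(msg) != set(SCHEMA):
        raise ValueError("unexpected message shape")
    for key, typ in SCHEMA.items():
        if type(msg[key]) is not typ:  # exact type: bool is not accepted as int
            raise ValueError(f"wrong type for field {key!r}")
    return msg

def rejects(loader, frame: bytes) -> bool:
    """True if the loader refuses the frame instead of returning an object."""
    try:
        loader(frame)
    except (ValueError, pickle.UnpicklingError):
        return True
    return False

# Constructed sample frames, not captured traffic.
REQUEST = {"model": "example-model", "prompt": "hello", "max_tokens": 16}
JSON_FRAME = json.dumps(REQUEST).encode("utf-8")
DATA_PICKLE = pickle.dumps(REQUEST)   # plain data only
GLOBAL_PICKLE = pickle.dumps(len)     # names a callable (builtins.len) to import

if __name__ == "__main__":
    print(decode_request(JSON_FRAME))                # validated dict
    print(rejects(decode_request, DATA_PICKLE))      # True: pickle bytes are not JSON
    print(restricted_loads(DATA_PICKLE) == REQUEST)  # True: data-only pickle loads
    print(rejects(restricted_loads, GLOBAL_PICKLE))  # True: name lookup refused
    print(pickle.loads(GLOBAL_PICKLE) is len)        # True: plain loads resolves it
```

The last line shows the root cause: an unrestricted `pickle.loads` resolves whatever importable name the sender chose, which is the behaviour a network-facing `recv_pyobj` inherits.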