PyTorch Distributed RPC RemoteModule Deserialization RCE Vulnerability with PoC

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Type**: Distributed RPC Framework RemoteModule has Deserialization RCE in pytorch/pytorch 2. **Description**: - **Credit**: HRP Aftersnow gxh - **Vulnerability Description**: The Distributed RPC Framework RemoteModule contains a deserialization-based Remote Code Execution (RCE) vulnerability. 3. **Proof of Concept**: - **Initialization Environment**: ```bash export MASTER_ADDR=127.0.0.1 export MASTER_PORT=5000 export TP_SOCKET_IFNAME=ens18 export GLOO_SOCKET_IFNAME=ens18 ``` - **Server Code**: ```python import torch import torch.distributed.rpc as rpc def run_server(): # ... rpc.init_rpc("server", rank=0, world_size=1) # ... ``` - **Client Code**: ```python import torch import torch.distributed.rpc as rpc def run_client(): # ... rpc.shutdown() # ... ``` 4. **Exploitation**: - By setting environment variables and calling the `torch.distributed.rpc.init_rpc` function, the remote code execution vulnerability can be triggered. This information indicates that the vulnerability exploits a deserialization flaw in the RemoteModule of the Distributed RPC Framework, leading to remote code execution.

Goal Reached Thanks to every supporter — we hit 100%!

PyTorch Distributed RPC RemoteModule Deserialization RCE Vulnerability with PoC