Arbitrary Code Execution via Pickle Deserialization in PyTorch Distributed
Description
Potential arbitrary code execution from `torch.distributed` functions that serialize Python objects with pickle. The object collectives (`broadcast_object_list`, `all_gather_object`, `gather_object`, `scatter_object_list`) pickle the caller's objects on the sending rank and unpickle them on every receiving rank. Unpickling executes whatever the byte stream instructs (a `__reduce__` payload can invoke any importable callable), so if any rank in the process group is compromised, spoofed, or otherwise untrusted, the data it sends runs code on the receivers before they have any chance to validate it. PyTorch's own documentation warns on these functions that they use pickle implicitly and must only be called with trusted data.
Examples
Insecure Code
```python
import pickle
import torch.distributed

# broadcast_object_list() pickles the list on the source rank and every
# receiving rank unpickles it, so a hostile or compromised source rank can
# ship an object whose __reduce__ runs code on all peers. Note that here the
# sender also builds the element by executing os.system('ls') on itself.
torch.distributed.broadcast_object_list([pickle.dumps(__import__('os').system('ls'))])
```
Secure Code
```python
import json
import torch.distributed

# JSON carries data only (dicts, lists, strings, numbers), so the payload
# itself cannot name a callable. broadcast_object_list() still pickles the
# string in transit; to remove pickle from the transport entirely, send the
# encoded bytes as a torch.uint8 tensor with torch.distributed.broadcast.
torch.distributed.broadcast_object_list([json.dumps({'data': 'safe_data'})])
```
Remediation
Do not route data from untrusted ranks through the object collectives. Encode structured payloads with a data-only format such as JSON or MessagePack, whose decoders build plain containers and scalars and never resolve or call a Python object named in the payload, and send the encoded bytes as a `torch.uint8` tensor with the tensor collectives (`torch.distributed.broadcast`, `all_gather`, and so on), decoding on the receiver. Where the object collectives cannot be avoided, treat the process group as a trust boundary: every rank must be a trusted process, and the rendezvous and store endpoints must not be reachable from untrusted hosts, because any process that can join the group controls what the other ranks unpickle.
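The mechanism described under Examples and Remediation, as an added illustration that is not part of this rule page or of PyTorch: a pure-Python model of what an object collective does on each side of the wire (pickle on the sender, unpickle on the receiver, with the uint8 tensor copy in between left out), a hostile rank's object whose `__reduce__` makes the receiver call `exec`, and the JSON-over-bytes path the remediation recommends. `MARKER`, `MaliciousObject`, and the `*_to_wire`/`receive_*` helpers are constructed for this example; the payload only sets an environment variable so the effect can be checked without running a real command.

```python
import json
import os
import pickle

# Constructed marker: the "exploit" only sets this variable on the receiver,
# which is enough to prove that deserialization ran attacker-chosen code.
MARKER = "PICKLE_RCE_MARKER"


class MaliciousObject:
    """Object a compromised rank would place in its object list.

    pickle honours __reduce__, so the receiver never gets a MaliciousObject
    back: it calls exec() with the attacker's string instead.
    """

    def __reduce__(self):
        return (exec, (f"__import__('os').environ['{MARKER}'] = 'executed'",))


def object_list_to_wire(objs):
    """Sender side of an object collective: pickle the list to bytes.
    (torch.distributed does this before copying the bytes into a uint8
    tensor; this stand-in skips the tensor and keeps the bytes.)"""
    return pickle.dumps(objs)


def receive_object_list(wire):
    """Receiver side of broadcast_object_list(): unpickle whatever arrived.
    Nothing can validate the stream first; unpickling *is* execution."""
    return pickle.loads(wire)


def json_to_wire(obj):
    """Hardened sender: encode with JSON; only these bytes go on the wire."""
    return json.dumps(obj).encode("utf-8")


def receive_json(wire):
    """Hardened receiver: json.loads builds dicts/lists/str/numbers only and
    never looks up or calls a Python object named in the payload."""
    return json.loads(wire.decode("utf-8"))


def demo():
    """Run both receivers against a benign and a hostile peer and return
    what happened, so the outcome can be asserted rather than eyeballed."""
    results = {}

    os.environ.pop(MARKER, None)
    hostile_wire = object_list_to_wire([MaliciousObject()])
    receive_object_list(hostile_wire)            # unpickling runs the payload
    results["pickle_executed_payload"] = os.environ.get(MARKER) == "executed"

    os.environ.pop(MARKER, None)
    benign_wire = json_to_wire({"data": "safe_data"})
    results["json_roundtrip"] = receive_json(benign_wire)
    try:
        receive_json(hostile_wire)               # a pickle stream is not UTF-8 JSON
        results["json_rejected_pickle"] = False
    except ValueError:                           # UnicodeDecodeError / JSONDecodeError
        results["json_rejected_pickle"] = True
    results["json_executed_payload"] = os.environ.get(MARKER) == "executed"
    return results


if __name__ == "__main__":
    print(demo())
```

In a real process group the bytes from `json_to_wire` would be copied into a `torch.uint8` tensor (for example with `torch.frombuffer`) and sent with `torch.distributed.broadcast`, with the length broadcast first so receivers can allocate a buffer of the right size; the tensor collectives copy bytes and never unpickle, so `receive_json` on each rank is the only decoding step. Running `demo()` shows the asymmetry: the pickle receiver executes the payload before it can inspect it, while the JSON receiver rejects the same bytes with a `ValueError` and executes nothing.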
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0496 |
| Category | Deserialization |
| Severity | CRITICAL |
| CWE | CWE-502 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | pickle, deserialization, arbitrary code execution |
| OWASP | N/A |